0

I need to access my home computer remotely using ssh. I have port forwarding set up on my router to send me to the appropriate computer on the local network. I have it working but viewing my home computer auth.log shows I am connecting from the router IP (it is always the same no matter which public IP I connect from). How do I see the actual public IP address I am connecting from? Is this possible with port forwarding on the router?

My reason for this is I would like to set up some iptables rules to only allow specific IPs. But as it is now, the user connecting always receives the IP of my router, so anyone can connect from anywhere.

0

1 Answer

0

It's just not true that anyone can connect from anywhere. You can limit by the IP of the NAT router that your 'away from home' computers are behind, then they can only connect from those behind that NAT Router. And if you want further security, you could use keys or a password.

4
  • Hi but what I am saying is that no matter where they connect from, they all must enter through the router and then to my home computer. My home computer always identifies the connection as from my router and hence the IP always looks the same. That is what I am seeing in auth.log
    – jon
    Commented Sep 1, 2014 at 23:33
  • @fancypants You are ambiguous. There is a Router connected to your home computer, and a Router connected to your away computers. I don't know what you mean by "they all must enter through the router". Which Router do you mean?
    – barlop
    Commented Sep 1, 2014 at 23:39
  • There is only one router. Suppose I ssh from McDonalds public wifi, then I ssh from Airport public Wifi, these two different public IPs appear identical when I view auth.log on my home computer. So I can't differentiate between the two.
    – jon
    Commented Sep 2, 2014 at 0:17
  • @fancypants yes this is the reality of NAT. You wouldn't/can't send private IPs e.g. 192.168 or 10.0.0.10 (RFC 1918 has the full list of private ranges) over the Internet. iptables can't be used there. So, use passwords or keys. A key is like when you knock on somebody's door and present your face, they then OK it (beauty of that is it is passwordless). There are other techniques as well for further securing ssh, like 'port knocking' though I haven't tried that before, or blocking them off if they log in wrongly too many times.
    – barlop
    Commented Sep 2, 2014 at 0:23
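
The symptom described in the question can be confirmed from auth.log itself. The following is an added example, not code from the original thread: it parses constructed sshd log lines (192.168.1.1 is an assumed router LAN address) and flags when every login shares one private source address, in which case an iptables allowlist or a failed-login lockout on the home computer would treat every client as the router.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in OpenSSH's auth.log format (not from the original post).
# 192.168.1.1 stands in for the home router's LAN address (assumption).
SAMPLE_LOG = """\
Sep  1 23:10:02 home sshd[2101]: Accepted publickey for jon from 192.168.1.1 port 50112 ssh2
Sep  1 23:12:40 home sshd[2117]: Failed password for root from 192.168.1.1 port 50340 ssh2
Sep  1 23:12:44 home sshd[2117]: Failed password for invalid user admin from 192.168.1.1 port 50340 ssh2
Sep  2 00:15:09 home sshd[2203]: Accepted password for jon from 192.168.1.1 port 51877 ssh2
"""

# Matches sshd's "Accepted|Failed <method> for [invalid user] <user> from <ip> port <n>"
AUTH_RE = re.compile(
    r"sshd\[\d+\]: (Accepted|Failed) (\S+) for (?:invalid user )?(\S+) from (\S+) port \d+"
)

def summarize_sources(log_text):
    """Count Accepted/Failed sshd events per source address."""
    counts = {}
    for line in log_text.splitlines():
        m = AUTH_RE.search(line)
        if not m:
            continue
        result, _method, _user, src = m.groups()
        counts.setdefault(src, Counter())[result] += 1
    return counts

def source_ip_is_masked(counts):
    """True when every logged event comes from a single non-public address
    (ipaddress.is_private, which covers the RFC 1918 ranges)."""
    if len(counts) != 1:
        return False
    (src,) = counts
    try:
        return ipaddress.ip_address(src).is_private
    except ValueError:
        return False  # sshd logged a hostname or something unparsable

if __name__ == "__main__":
    counts = summarize_sources(SAMPLE_LOG)
    for src, c in counts.items():
        print(f"{src}: accepted={c['Accepted']} failed={c['Failed']}")
    if source_ip_is_masked(counts):
        print("All logins share one private source IP: allowlists and per-IP "
              "lockouts would treat every client as the router.")
```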
