I have the following situation:

At home, I'm running an ssh server, on port 22 on one of my machines. I'd like to access it from the internet, so I port forward it. I make the external port 2222, so I don't get the normal wash of bots trying to hack upon port 22.

This works in practice well enough, however when I have a script or alias that tries to connect to these machines, I need to keep editing the port it tries to connect to, depending on whether I'm in or outside the network.

What's the 'best' way to fix this? Near as I can tell, some of my options are:

  • Actually host ssh on 2222
  • Somehow actually route local traffic to my router's port 2222, so it goes through the port forward options
  • Different aliases/scripts depending on where I'm at (yuck).

Is there a better option I'm not aware of? I'll probably default to hosting ssh on 2222, if nothing else comes up.

  • You can include a test in the script. If you're inside your network, connect on port 22; if you're outside, then on port 2222. Maybe you have something about your network that identifies it when within.
    – barlop
    Commented Nov 4, 2015 at 16:44
  • I would simply not rely on security by obscurity and run openssh on port 22. Instead make your setup more secure by not allowing root login (or only without password) or even any user only with ssh keys.
    Commented Nov 6, 2015 at 1:48
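
One way to do the in-script test suggested in the first comment, as an added example that is not part of the original thread. The LAN address, the public name, the alias `home` and the `PROBE` override are assumptions made up for illustration, and `nc -z -w` is assumed to be available. `HostKeyAlias` keeps a single known_hosts entry for both routes, so an unrelated host that happens to answer on the same private address on another network fails host key verification instead of being trusted.

```shell
#!/bin/sh
# Added example: choose the SSH endpoint depending on whether the
# server is directly reachable on the LAN. All values are constructed.
LAN_ADDR=192.168.1.10        # assumed LAN address of the SSH server
WAN_NAME=home.example.net    # assumed public name of the router
WAN_PORT=2222                # external port forwarded to port 22

# Succeeds when the server answers on port 22 at its LAN address.
lan_reachable() {
    nc -z -w 1 "$LAN_ADDR" 22 >/dev/null 2>&1
}

# Prints "host port". PROBE (hypothetical override) names the command
# used as the reachability check; it defaults to lan_reachable.
pick_endpoint() {
    if "${PROBE:-lan_reachable}"; then
        echo "$LAN_ADDR 22"
    else
        echo "$WAN_NAME $WAN_PORT"
    fi
}

# Drop-in wrapper: home_ssh [ssh options] [command]
home_ssh() {
    # shellcheck disable=SC2046  # intentional split into host and port
    set -- $(pick_endpoint) "$@"
    host=$1
    port=$2
    shift 2
    # The same HostKeyAlias on both routes pins one host key, so a
    # different machine on the LAN address is rejected by ssh.
    ssh -p "$port" -o HostKeyAlias=home "$host" "$@"
}
```
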

1 Answer

Socat port-forwarding on THE machine:

# Listen on TCP port 2222 and relay each connection to the local sshd on port 22
socat TCP-LISTEN:2222,fork TCP:localhost:22
