I enabled port-forwarding on my router, now how do I "log in" to it with SSH?

Question

I have a server on my home network, and I'd like to be able to remotely access it via SSH. So I enabled port forwarding on my router administration panel, to forward all TCP/UDP requests to port 22 to my little server.

As I understand it, the way port forwarding works is that the router just forwards the TCP/UDP request to the appropriate device on the LAN according to the port forwarding table. So if I'm making an ssh connection to my server, the underlying TCP request will be forwarded to it.

However, the basic ssh command to login to a remote destination is: ssh [user@]<hostname>. The hostname is the IP address, so in this case it'd be my routers' global IP address. But how do I specify the username? As I understand, the router doesn't exactly have one.

Answer 1

I figured it out. [user@] is optional - if you don't specify it, SSH just uses the username of the current user you are logged in as (find via whoami).

To login to your server on the LAN, just use the username of the user you want to sign into the server as.

Under the hood, SSH initiates the TCP request to your router, which forwards the request to your server, and then the SSH application protocol takes over instead of transport, now utilizing the user you previously specified to login to your server.

Answer 2

But how do I specify the username? As I understand, the router doesn't exactly have one.

It doesn't need to, as the router does not interpret anything in the connection payload – it just [almost] blindly redirects the IP packets to the server's address. Although the hostname is your router's address, at TCP and SSH level you're really talking only to the home server and not to the router, so you need to specify a username that would be valid for the server only.

In other words, a connection through a "port forward" is exactly the same as a direct connection to the server's hostname or IP address.