How to ssh into home LAN behind ISP NAT (no public IP address)?

Question

My property management company provides free internet access. All the apartments in many buildings are behind some common NAT, so none of us have our own public IP addresses. Thus, services like dyndns.org don't work, at least not that I could figure out. All I want to do is to be able to ssh into a machine on my home LAN (which is behind 2 levels of NAT, one at the ISP which I don't control and one at my router which I do control). I can set up port forwarding and so forth on my router no problem. My suspicion is that some machine on my LAN (machine 1) has to poke out to an external machine (machine 2) with a public IP to establish an SSH tunnel, then I can tunnel from machines elsewhere (machine 3) through machine 2 to machine 1.

My questions are:

• Is my suspicion true, or is there some other approach?
• If I have to tunnel out to some other box, are there public ssh proxies or similar available, or do I need to bug someone with a public IP to let me tunnel through their machine?

Answer 1

I would like to clarify Brian:s answer about Hamachi, with a Linux focus.

First install it:

wget https://secure.logmein.com/labs/logmein-hamachi_2.0.1.13-1_i386.deb
sudo aptitude install lsb
sudo dpkg -i logmein-hamachi_2.0.1.13-1_i386.deb 

Then go to the hamachi page and create a new mash network, remember the "network-number" since the do-login needs it.

Back to the command line

sudo hamachi login
sudo hamachi set-nick $HOSTNAME
sudo hamachi do-join XXX-XXX-XXX

Then back to the webpage again and allow the clients to be on this network. (maybe need to have the client to login again)

Then check what pc is on the network:

sudo hamachi list

Now you can grab that ip-number and ssh directly regardless if there is a NAT in the way!

/Have fun

Answer 2

You can remotely access SSH shell to your computer without IP Public using desktop or just a smart phone (e.g. Android) by installing robotito in your computer that u want to access SSH remotely.

• This will allow you to access SSH using from Google Talk Client Apps anywhere.
• There is no need for a public IP address or special setting.
• I'ts Free and Open Source, Not Paying any application services anymore.

I made a script (tested on my raspbian OS in Raspberry Pi) so u can easily install robotito on Raspberry Pi, Debian or Ubuntu Box(debian package distribution). this is the steps to get your linux box remotable:

1. Open Shell Command or u can call it Terminal, go to your home folder, Download installer script by command :

   $wget https://opengateway.googlecode.com/files/robotito

2. after that running the script by entering command :

   $sudo ./robotito

3. and then you can edit file credentials.rb from config folder if robotito using your gtalk account and save it by pressing ctrl+x and y . Default is using nano editor.

4. running the robotito from robotito folder by command

   $cd robotito

   $./jabbershd start

5. Now that this is done you can use ssh from any google talk client, don't forget to add the robotito gtalk account to your google talk account and test it with chatting each other before using the account.

Answer 3

Have you looked at a service like Hamachi that acts like a VPN of sorts? Since clients contact out to their servers, it shouldn't matter, there will be an open connection back to your home computer..

Answer 4

You're right, without the help of your provider there is no way to connect directly to your network. It may be worth talking to them though.

If that fails you will have to, as you put it, poke out and then tunnel back. I'm not aware of any free services like that and I'd be concerned about the security implications of using any.

Answer 5

For raspbmc: after downloading the script and running it

sudo apt-get install ruby1.8 rubygems bundler
cd robotito-master
bundle install
./jabbershd run (to see it connect)

One note: you must set the Google account to accept less secure apps.