I'm looking into a method to enable SSH on new computers I get to set up on our network. Nearly all are on ethernet, a few are on WiFi. Not too worried about the ones on the WiFi.
I figured there is no method, but worth a shot to ask.
-
2You need to be more specific about these "new computers", what OS, what network, etc... And if you don't already have a way to control the computer remotely then you can't do that.– user256743Commented May 7, 2014 at 21:01
Add a comment
|
2 Answers
I'm assuming you're talking about coming in from the internet past your nat, in which there are two easy ways to do it.
1.) Configure each device to listen on a unique nonstandard port (I just picked my port range out of a hat and it hasn't interfered with anything). Set up your router to forward ports accordingly, this will probably also involve setting static ip's to every device in question as well.
2.) Keep ssh on all computers on the network, and foreward port 22 to a "gateway" computer. Connect to this computer, and then connect from your gateway to any other computer you wish. You can ssh through multiple computers (although this can be a bit slower in the real world, since all computers are on the same network it shouldn't be noticable).
If you do this, with either way you go, I recommend NOT listening on port 22, instead change the listener port. If anyone scans your public IP and see's port 22 open, they will know you are listening for an ssh connection, which is the first step to breaking into your system; always take care and be fully aware of the implications of opening your network for unsolicited external access; you're opening it up for everyone, not just yourself.
Just a side note - I have the second set up with RSA authentication (and password disabled) on a ras-pi (and on a different port). That way, no one can connect without my private key. I then connect to the computer I wish with a password.
-
Correct on coming in from the internet past the nat. Is it a must to set static ip's on every device? Also, that is really good to know on setting up a different port # and setting up RSA w/o the password enabled. Very good to know, thanks for the info.– tdmCommented May 7, 2014 at 21:19
-
It's not strictly a must to set static IP's on every device, but imagine if you're trying to ssh to your hypothetical media center computer, but it's DHCP release had renewed. I imagine if you have access to the network it would be trivial to figure out what's it new IP address, but it'd be just as trivial to give it a static IP.– SidneyCommented May 7, 2014 at 21:27
In most GNU Linux distributions sshd is enabled by default after installation. If you have DHCP server you should check ip addresses in dhcp leases. If your network configuration is fine ssh should work by default.
