SSH access from outside to a PC inside the network

I have a static IP and an ADSL router linked to a Linksys wireless router to which all my machines are connected. I would want to set up SVN on one of the machines and provide SSH access which should be accessible by users outside my network. Would this be possible? Even just SVN access through the web should be fine. Please let me know what needs to be done to achieve this. I have an Ubuntu VM running on an iMac Leopard machine and another 2 Win 7 32/64-bit machines. I can set up standalone Ubuntu or Win XP on another machine.

Please provide me pointers to port-forwarding if that needs to be done as I have absolutely no clue of how to do it.

Thanks, Raja.

EDIT:

Thanks for the detailed explanation. I tried to set up SSH first on my Mac machine itself instead of the VM. Here is the current configuration:

DSL Router IPv4 address: 192.168.1.1

Linksys wireless router connected to it has IPv4 address: 192.168.0.1 and the same subnet mask 255.255.255.0 as above

Now I have assigned my Mac an IP of 192.168.0.20 and Default Gateway as 192.168.0.1

I enabled SSH on the Mac and am able to SSH from another machine locally. ssh [email protected] works.

I have enabled port forwarding on 22 in the Linksys router, but I am still not able to do ssh raja@publicip. Where am I going wrong, or what else needs to be done?


If you have a generic setup for SSHD, it's just a matter of telling your Linksys router to forward TCP port 22 to the IP you want access to internally, then from the outside ssh to the static IP, and you'll want to have the machine internally running ssh to have a static IP assigned, not a dynamic (DHCP) address.

Personally, I would change the port to another port not used on your machine, as a nonstandard port makes it more difficult for bots to scan you (and it will happen). But that's up to you. If you use the standard port, you need to be more careful with passwords and usernames, and don't allow root to log in to that port, and you may want to consider installing Denyhosts to automatically block IPs that give an incorrect password 3 times.

Make sure your VM (I assume that's where you are running sshd?) is assigned its own IP and is using bridged networking so it's not NATted twice. That's asking for a world of hurt (NAT behind the router, then NATted again behind the Leopard machine's VM software). Bridged networking makes the machine appear as if it were another physical machine in your network from the logical view.

You don't necessarily need to set up ssh on the server to a nonstandard port...you could set up a nonstandard port on the router to forward to the internal machine's port 22, if your router supports non-one-to-one mapping (i.e., forward external port 26 to internal port 22 on 192.168.xxx.xxx...), so that only machines outside your network need to use the nonstandard port assignment. But my personal preference is to alter the SSH port on the inside just to tick off bot-scanners.

To sum up...tell your Linksys to forward port 22 (or what you choose to use) to your VM's IP. I recommend using a different port, though. Make sure your internal VM machine is using a static, not DHCP, IP address on your internal network, so reboots don't break the forwarding map. Then it's a matter of ssh'ing to your external static IP from an external system to test it. I also recommend using Denyhosts if you stick with default port 22 to ban probes. Make sure your VM instance is running bridged, not NAT, networking on the host computer.
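
The blocking rule the answer attributes to Denyhosts (an address is banned after 3 wrong passwords) can be sketched as follows. This is an added example, not part of the original answer and not DenyHosts' own code; the function names, the reset-on-successful-login behaviour and the sample log lines are assumptions made for illustration.

```python
import re
from collections import Counter

IP = r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
# The user name is text chosen by the client, so match it greedily and anchor
# at the end of the line: the address sshd itself appended is the last one.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?.* from "
                    + IP + r" port \d+ ssh2\s*$")
# Accepted logins are always for a real account name, so \S+ is enough here.
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for \S+ from "
                      + IP + r" port \d+ ssh2")

def hosts_to_deny(lines, threshold=3):
    """Source IPs reaching `threshold` failed passwords with no good login between."""
    streak, denied = Counter(), []
    for line in lines:
        failed = FAILED.search(line)
        if failed:
            ip = failed["ip"]
            streak[ip] += 1
            if streak[ip] >= threshold and ip not in denied:
                denied.append(ip)
            continue
        accepted = ACCEPTED.search(line)
        if accepted:
            streak[accepted["ip"]] = 0  # a successful login clears earlier typos
    return denied

def hosts_deny_entries(ips):
    """Format addresses as TCP-wrappers entries for /etc/hosts.deny."""
    return [f"sshd: {ip}" for ip in ips]

# Constructed sample log lines (documentation address ranges), not real data.
SAMPLE = """\
Jan 10 03:12:01 mac sshd[411]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jan 10 03:12:03 mac sshd[411]: Failed password for invalid user admin from 203.0.113.7 port 40113 ssh2
Jan 10 03:12:05 mac sshd[411]: Failed password for invalid user test from 203.0.113.7 port 40114 ssh2
Jan 10 08:30:10 mac sshd[502]: Failed password for raja from 198.51.100.20 port 51000 ssh2
Jan 10 08:30:15 mac sshd[502]: Failed password for raja from 198.51.100.20 port 51000 ssh2
Jan 10 08:30:21 mac sshd[502]: Accepted password for raja from 198.51.100.20 port 51000 ssh2
Jan 10 09:00:00 mac sshd[610]: Failed password for raja from 198.51.100.20 port 51010 ssh2
Jan 10 09:05:00 mac sshd[620]: Failed password for invalid user x from 192.168.0.1 port 22 ssh2 from 203.0.113.9 port 4000 ssh2
""".splitlines()

if __name__ == "__main__":
    print("\n".join(hosts_deny_entries(hosts_to_deny(SAMPLE))))
```

The last sample line carries an address inside the user name field; because the pattern is anchored at the end of the line, the router at 192.168.0.1 is never counted and cannot be locked out by what a client types as its login name.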