Use SSH when multiple Raspberries are connected to the router
There is a method called port-redirecting I read about multiple times in the internet. But noone really explained that one easily.
On most routers, allowing external access to an internal IPv4 host is literally the same function whether the port needs to be changed or not. If your Raspberry Pi has a private IP address, the router has to perform NAT anyway, so "port redirection" is part of it and isn't really a separate thing.
In your case, it seems that FRITZ!Box allows you to enter different "external" and "internal" ports if you select 'Other application' in the same "Permit Access" section.
Going by screenshots found on google this would be:
- Application: [Other application]
- Protocol: [TCP]
- Port to device: [22] through [22]
- Port requested externally (IPv4): [2201]
(The field is labelled as IPv4-specific because in IPv6 you would connect directly to the Pi's own address rather than the router's address, so there wouldn't be any separation between the "external" and "internal/to device" ports.)
Which config file do I have to edit on the RPi's or which settings do I have to change on the router to achieve this?
Normally it's one or the other, depending on what you want.
-
Router |-> external port 2200 -> port 22 of Pi Nr. 0 |-> external port 2201 -> port 22 of Pi Nr. 1 |-> external port 2202 -> port 22 of Pi Nr. 2
This is probably what you call "port redirection". It requires the router to translate the ports, and does not require any changes on the Pi itself.
It is generally specific to IPv4; while still technically possible in IPv6 it's considered a "should be avoided" thing. (This is mostly because in IPv6 each of your Pi's would have its own external address, so the port-22 collision issue would be moot.)
On FRITZ!Box, this seems to be hidden under the "Other application" option in the same "Permit Access" page that you're already using.
-
Router |-> external port 2200 -> port 2200 of Pi Nr. 0 |-> external port 2201 -> port 2201 of Pi Nr. 1 |-> external port 2202 -> port 2202 of Pi Nr. 2
This doesn't require any rewriting from the router (working the same in both IPv4 and IPv6), but requires the SSH service on the Pi to listen on the corresponding port.
On Linux, that's the
Port
option in/etc/ssh/sshd_config
– you should probably add it twice, both for the default port 22 and for your custom port 2200.
You could of course do both, e.g. rewriting external port 2200 to the Pi port 3300, but that's just unnecessary.
There is also the option to not make the other Pi's accessible externally at all. Instead you could use ssh -J
to connect to all of them through the 0th Pi, e.g. ssh -J public.ip lan.ip.pi2
.