How to connect home computers (Linux) from office computer (windows) using putty
Is there any way I can connect home computers (Linux) from office computer (windows) using putty. If yes, please tell me the step to make the connection.
Solution 1:
An easier way to set your home router to allow incoming connection to your Home PC (running Linux) is to set DMZ to your PC.
So as some people has mentioned (also to recap):
- Login to your router at home, and set DMZ to your local PC address (for now we assume your linux PC IP address is 192.168.1.5)
- Install openssh-server on your linux PC, and don't forget to test it (by simply ssh 192.168.1.5 just to test that you can ssh to the openssh-server that you just installed)
- You need to know your WAN IP address (the IP address that is known to the world when you are connecting externally outside your internal network) - For now lets assume this is 8.8.8.8 (Note this is actually google DNS but I am using this for this example)
- Connect from your work (or any other PC connected to the internet) by using PuTTY or SSH to connect to 8.8.8.8 port 22. If you are using PuTTY (from your office) then it should connect and ask for your username/password to login to your linux box.
- Check your Linux Box Firewall and ensure that it allows ssh
A few possible issues:
-
3 above about your WAN IP. If you have Static IP - then most likely it should just work straight away. But if it doesn't, read through.
-
3 above about your WAN IP. Most homes comes with Dynamic IP, this is when you want a service called DDNS (Dynamic DNS) to come into play. DDNS allows you to create a name (mypc.ddns.com or something like that), and your PC will periodically report back to DDNS that you have a new WAN IP.
- Your Linux Box has its own firewall and blocking connection - I'm assuming you know how to change this setting
- Your Router has its own firewall and blocking connection - you can create an exception. But DMZ setting should override that firewall blocking on your router and pass through all unknown connection to your linux PC (or whatever the DMZ is set to).
- Your ISP is blocking incoming port 22 connection. ... this is when you are somewhat stuffed. But there is a workaround. Your router should allow port forwarding. Use a non-common port (make up a number... say 12222 that hopefully not blocked by your ISP), and then set a port forwarding from port 12222 to port 22 - all these are done on your router.
Pretty sure other people can point out some more possible issues, but give it a try for now and see how you go.
Hope this helps.
Solution 2:
There are three options I am aware of
Port Forwarding
You can set up port forwarding for each device you want to be be able to connect to externally.
- This assumes you know your external IP address.
For each device you could assign an arbitrary external port that forwards to that device on port 22. (Or you can do this for one device, and then connect to the others through it)
VPN
Were you to make a VPN with your local network, and then connect to said VPN, it would give you access to everything on on the network.
Reverse SSH
With reverse SSH you make use of an external server, and set up a listening ssh session. Then, on the external server you can connect to the device behind the router without being bothered by firewalls/port forwarding/etc... This is what I prefer (as I haven't set up a VPN yet), but I have access to an external server.
You could do this with:
Device on home network ssh -f -N -R 1234:localhost:22 [email protected]
- Where
1234
is the port that remote would use forward to the device -
remote.server.example
is the remote's address
Then, on the remote server ssh -p 1234 -t device_user@localhost
Solution 3:
Please do be careful about doing this from your work. IT security may not like it. Be very careful that it is within the company policy.
To quote Page 83 of Michael Lucas's SSH Mastery, https://www.tiltedwindmillpress.com/ $9.99
Suppose my desktop is inside a high-security network, however. The firewall tightly restricts Web browsing and blocks all file transfers. If I can use SSH to connect to a server outside the network, I could forward my desktop's traffic to that outside server to get unrestricted access to the Internet. I could upload confidential documents over SSH, and the firewall logs would show only that I made an SSH connection.
Tunnels versus Security Policy
If you're an organization's security officer, port forwarding might make you consider entirely blocking SSH. I understand. I've had your job. You should also know that a recalcitrant user can tunnel SSH inside DNS, HTTP, or almost any other service or protocol. The only way to absolutely block SSH is to deny all TCP or UDP connections from the inside of your network to the outside world, use a Web proxy that intelligently inspects traffic, and not allow your clients access to public DNS even through a proxy.
What you are trying is probably possible. Most company firewalls leave port 80 open as well as other ports. At the command prompt in Windows do netstat -n
and you'll get a list of internal addresses with open ports e.g.
Active Connections
Proto Local Address Foreign Address State
TCP 10.96.144.75:49242 10.96.144.4:445 ESTABLISHED
:
: