How to connect to a Linux machine that changes IP regularly?
Solution 1:
The other answers seem to have overlooked one thing in your question:
"Once that happens, I'm no longer able to connect remotely even using the new IP address"
DDNS will help you find out the new IP address, but that doesn't seem to be the problem here.
Unfortunately, the server getting a new IP should not be a problem in the standard setup where the ISP provides a router, the server has an internal address behind the router, and the router does the port forwarding. You might need to provide more information about the network topology to get a good answer.
What I could imagine is the server not being behind a router and doing its own PPPoE connection, and a) the ssh server binding to the specific interface address at the point of server restart, b) a firewall on the machine that permits incoming ssh to just the server's IP with the firewall not updating when the IP changes.
To check the first case, do a netstat -nta | grep -w 22 | grep LISTEN. If it says 0.0.0.0:22, that's ok; if it lists a specific IP, then check the sshd config file (/etc/sshd.conf) for ListenAddress.
To check the second case, do iptables -L -n and check if one of the rules in the INCOMING chain matches your server's IP and port 22.
If one of these has the current server address, you'll need to either change it to 0.0.0.0 (make sure you know about the security implications), or update the rule/configuration whenever the IP changes.
Edit
As the server is behind a router, the above ideas probably don't apply(*). In this setup, the router has an external IP (which changes daily), and your internal devices should have some 10.x.y.z or 192.168.x.y addresses which shouldn't change. You connect to the external address, and the router should have a port-forwarding rule to the internal address.
This port forwarding shouldn't break when the external IP changes (existing ssh connections will be dropped however), but maybe it's a rule that wasn't set up by you, but by some UPnP magic, with the router dropping UPnP forwards when it gets a new address, and sshd only invoking the rule when it restarts. Did you set up a port forwarder within the router yourself?
Or, it's the internal IP of the server that changes - in that case, something is severely broken with your DHCP. Give your server a fixed internal address.
Or, are you using IPv6? There are some configurations where a device keeps changing its IP to make it less easy to track. See, for example, https://www.internetsociety.org/blog/2014/12/ipv6-privacy-addresses-provide-protection-against-surveillance-and-tracking/ - but in that case, shame on you for not mentioning it in your original post. This might mean your router not doing NAT at all, and my original ideas still being valid even behind a router.
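The two checks from Solution 1, as an added example that is not part of the original answer: a POSIX shell script that reads netstat -nta and iptables -L -n output and reports an ssh listener or a port-22 firewall rule pinned to one address. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example. Sample inputs below are constructed (documentation address ranges).

# stdin: `netstat -nta` output. Prints the local address of every LISTEN socket on port $1.
listeners() {
    awk -v port="${1:-22}" '$6 == "LISTEN" {
        n = split($4, p, ":")            # last ":" field is the port (works for :::22 too)
        if (p[n] == port) print $4
    }'
}

# stdin: `netstat -nta` output. Prints "wildcard", "none", or one "pinned ADDR" line per
# listener bound to a specific address (case a: sshd stops answering after an IP change).
classify_listeners() {
    listeners "${1:-22}" | awk -v port="${1:-22}" '
        { seen = 1 }
        $0 == ("0.0.0.0:" port) || $0 == (":::" port) { next }
        { pinned = 1; print "pinned " $0 }
        END { if (!seen) print "none"; else if (!pinned) print "wildcard" }'
}

# stdin: `iptables -L -n` output. Prints rules for dpt:$1 whose destination column is a
# specific address (case b: the rule goes stale when the address changes).
pinned_fw_rules() {
    awk -v port="${1:-22}" '
        $1 == "Chain" { chain = $2; next }
        $5 != "0.0.0.0/0" {
            for (i = 6; i <= NF; i++)
                if ($i == ("dpt:" port)) print chain ": " $1 " dst=" $5
        }'
}

# Constructed sample: sshd bound to one address, plus an established session to ignore.
SAMPLE_NETSTAT='tcp        0      0 203.0.113.7:22          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 203.0.113.7:22          198.51.100.9:51514      ESTABLISHED'

# Constructed sample: one rule pinned to the old address, one unrelated wildcard rule.
SAMPLE_IPTABLES='Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            203.0.113.7          tcp dpt:22
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:2222'

printf '%s\n' "$SAMPLE_NETSTAT"  | classify_listeners 22   # pinned 203.0.113.7:22
printf '%s\n' "$SAMPLE_IPTABLES" | pinned_fw_rules 22      # INPUT: ACCEPT dst=203.0.113.7
```

On a live host, replace the sample variables with the real command output, for example netstat -nta | classify_listeners 22.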
Solution 2:
Dynamic DNS is one option, another is having the server mail or otherwise send you its IP. A simple HTTP call would do (to an endpoint you control and log requests on).
Solving the whole public networking the other way around is possible as well; you could have the server set up a reverse tunnel, or a VPN connection, which will not be affected by the IP change.
Regarding services not responding on the new address: this completely depends on your network setup. For example: WAN IP on an internal interface via DHCP and an SSH server set to only listen to the IP on your interface known at startup would mean sshd has to be restarted on interface changes.
Solution 3:
You should really look into DDNS services. As far as remotely being able to connect to a certain machine with a dynamic IP address goes, DDNS is the most commonly used solution.
Head over to https://noip.com and sign up for an account (it's, errr... supposedly.. coff.. cof.. free for 1-3 machines running on the same network, if I'm not mistaken; don't quote me here: it's been a while since I've trusted any of these 'free' services...). There are also other alternatives such as Afraid DNS (https://freedns.afraid.org/). And even Cisco's OpenDNS could also be utilized (provided that this is not your only client, I'd suggest you sign up for an Umbrella account trial, take it for a spin and later sign up for the real deal; they even got one of them GUI-like downloadable extensions which would automatically renew the DDNS hostname whenever your client's IP changes. It really is the easiest, non-tech-savvy way that I'm aware of, just in case you gotta call up one of your clients and ask 'em to download the GUI rather ....)