I will be sending a linux machine to a non technical customer overseas. After the customer has connected the machine to his LAN , which is also connected to the Internet, I want to be able to ssh into this machine without requiring the customer to do any router configuration (no port forwarding for instance).
The linux machine is connected to the internet through a router. It does not have a public ip address.
Is this possible using ssh configuration only?
If not then what is the simplest way to achieve this?
I used to work in a place where we had a setup that allowed for this, but unfortunately I can't remember the details - here is are the basics of the setup though.
The customers machine would connect using SSH to a machine with a known hostname using the -R option to ssh to setup a reverse port forward. We could then connect to the known machine and use the forwarded port to get to port 22 on the customers machine.
Sorry I can't remember more, but it worked absolutely perfect :)
If that linux system is directly connected with modem then it must have public ip address so you will able to access that linux system from anywhere . but make sure the remote system has static public ip address otherwise you need to do dynamic dns.
Related
I have downloaded the lamp stack server. I am using centos 7. When I put localhost:81/filename it is openeing but it is not working when viewed from other system.
My lamp uses port 81 so I changed Listen 81 in the httpd.conf and in the virtualhost as <virtualhost*:81>. But it is not working. Can anyone help me out this?
Are the two systems already connected to each using a network device like a switch or router?
To share your server with another system , you must first connect both systems to the same network. After which you need to get the IP address assigned to the system hosting the server. On linux, you can type ifconfig command to get this address from the server system. Then enter address in other system like:
http://192.168.1.128/filename
to view the resource.
If you have a wireless wifi box or router, you can use it to connect both systems. Just switch on the box without connecting to the internet.
Connect both systems to the router. Then follow the steps cited above to connect both systems.
I've been trying to SSH to my RPi from an external network for a while with little luck. I've followed all the guides and they say all the same things: get SSH set up, port forward on port 22, and then connect using your external IP address. I've been able to easily SSH to the RPi using my internal IP from the same network with no problem, but not from my external IP. This is my configuration for port forwarding:
That is the internal IP for my RPi's ethernet connection. I've tried it with the IP for WiFi as well and it just has the same effect. When I try to SSH using my external IP, it just times out no matter which internal IP is port forwarded (ethernet or WiFi). I've tried it both on PuTTY on my PC and from my Macbook using
sudo ssh pi#my.external.ip.address
It still just times out. The only thing I can think that might be happening is some issue with a firewall, but I have no idea how firewalls work so if this has been seen before and it is a firewall issue, more detailed guide would be nice.
Even if the issue is not known, is there any way to debug the SSH call and see where exactly it's failing when I use the external IP? Any kind of help is greatly appreciated.
I recently struggled through a lot of this with my pi. As alvits suggests, if you are trying to connect to the pi via the LAN it probably won't work. You need to test from an external IP address.
You shouldn't need to sudo either.
If you are still using pi/raspberry as the username and password, change ASAP. Once the firewall is open it won't take long before you start to see bots trying to log in. I think it was about 30 minutes on my machine. It was interesting for a few days, then annoying. Almost all attacks stopped when I moved off of port 22.
According to this page, it does not appear that my router supports SSH. I was able to find guides online of how to enable it using custom firmware, however I probably won't be attempting that. Thanks for the help anyways!
I'm currently trying to route my internet traffic from my Windows laptop(192.168.1.73) to my other laptop running Kali Linux(192.168.1.64), both on the same network. The idea is the Linux laptop would anonymise the traffic sent, possibly hiding my IP in some way. I'm stuck on how to exactly go about this. I've tried using OpenVPN but to no avail.
192.168.1.x is not public IP subnet. So both your computers are in local net. And so one or both have yet default gateway address for access to Internet and another networks. If you want route Internet traffic through the Windows Laptop to Linux computer you have to setup the Windows IP address like default gateway for Linux computer.
Then on Windows you can used two options for access to Internet for Linux:
1. enabled routing functions use Windows like just router
2. used third party software (like Wingate etc) use Windows like NAT proxy
In the first option the Linux IP address will be view at ISP devices
In the second option the Linux IP address will be change on Windows IP adress
The first is very simple for management. The second is harder.
But I don't understood why it all. If you wanna more security in Internet network you can use https://www.whonix.org/wiki/Download and get maximum security level.
I'd honestly trash this idea and use Tor browser instead, you will be 100% anonymous if you follow the guidelines on their website.
The Tor project:
https://www.torproject.org/
Tips on staying anonymous:
https://www.torproject.org/about/overview.html.en#stayinganonymous
Well and if you seriously want to route the traffic to your Kali machine, use some built-in MITM tools (eg. Arpspoof), but be aware, that this will NOT make you anonymous to the outside (Internet).
Here is how you set-up the MITM, but without the intercepting of traffic:
First, we need to forward all the trafic that the Kali machine recieves to the internet
sysctl -w net.ipv4.ip_forward=1
Then you need to send the forged ARP replies
arpspoof -i [Network Interface Name] -t [Windows IP] [Router IP]
So it should look something like this, you can find the router ip by running the command ifconfig (look for "default gateway")
arpspoof -i wlan0 -t 192.168.1.73 192.168.1.1
Then it should be up and running, tunneling you through the Kali machine.
Here's The Scoop,
I used SET (Social Engineering Toolkit) and made duplicite of a login page, the ip that was used was 10.0.2.15 (Mind you this is on a virtual machine Virtualbox), and when I tried to view it on another computer, it says the server is not responding.I tried to port forward but it was giveing me issues.
is there anything I can do to port forward or do something like that to make the web page connected to the IP viewable on the World Wide Web of another computer.
In other words, the IP's page is only viewable on the same computer who's ip I used to host, can you make it viewable on any computers browser by port forwarding it or something that will work like that.
Use bridging networking for the guest machine. Then, that IP address should be accessible on your network if there are no firewalls enabled.
There are several issues with directly accessing this IP from a separate computer.
First, the forwarding: the computer with the VirtualMachine must accept ip forwarding. This is easy to enable:
https://wiki.archlinux.org/index.php/Internet_sharing
Second, the routing: other computers must know who to ask when looking for 10.0.2.15. This is the hardest part. You could try adding a special route rule on the other computer, to set the host as a gateway for 10.0.2.15, but it requires you to make this on every machine that wishes to access the VM.
As Ahmed said, the easiest way is probably to use a network bridge, where the virtual machine will act as any other computer on the network, with a visible IP.
I have set up a Raspberry Pi in my home office with a Linux OS and have installed Apache (PHP/MySQL). Everything is working and I've been able to successfully connect via SSH from my computer while connected to the same network in my home.
I've seen many similar questions on here but none that can outline what I'm trying to do. I have an XFinity Router and can access it's settings using IP 10.0.0.1 locally. I've read into Port Forwarding which I've set up for the Raspberry Pi but now I'm stuck on the next step in the settings to get it set up so I can connect to it remotely (from a network outside my home's). I'm hoping to use this to host web-based PHP scripts that we can run from any web browsers as well as be able to SSH in from any internet connection.
I'm sorry if this is similar to other questions here but the XFinity interface seems to trouble me and it's not making it easy for me to wrap my head around Port Forwarding and what goes into setting this up correctly.
Thanks for your help!
You need to do three things:
Make sure your Raspberry Pi gets the same IP address on your LAN every time. This can be done by configuring your router for DHCP reservation by using the Pi's MAC (ethernet hardware address), if it supports it. To get the Pi's MAC, You can type ipconfig eth0, or you can use Advanced IP Scanner for Windows, or my own Pi Finder for Mac. (Alternatively, you can set your Pi to use a static IP address.)
Forward port 22 (SSH) in your router to the internal IP address you chose. (If your router supports forwarding a different external address to internal port 22, I recommend doing that for extra security.)
Get a consistent external IP address or name, so you can find your home network on the outside. If you don't have a static IP address from your ISP, then you will need a Dynamic DNS service, such as those offered from Dyn.com, no-ip.com, and Namecheap. You'll need to configure your router to update the service, and not all routers support all Dynamic DNS services (or any). (Alternatively, you can install a Dynamic DNS updater client on your Raspberry Pi or other computer on your home network, but that may or may not be easy.)
I can't advise specifics as to how to configure your particular router, but these three steps are what are generally required to do what you want, and the rest is figuring out the specifics of how your router wants it.