2

Basically I have two networks connected together with the internet, let's call them N1 and N2. On each network, there is a computer, C1 (in N1) and C2 (in N2). There is no port-forwarding between any of the network routers (R1 and R2) and the computers.

C2 also runs an ssh server. The whole purpose of my post is, how would C1 be able to connect to C2 via SSH? As mentioned there is no port forwarding, so even if any of the networks N1 and N2 had static IPs, it wouldn't work.

The following network graphic should help clear the situation: [image: Network]

Legend:

  • N1 - First network.
  • N2 - Second network, on the other side of the internet :)
  • C1 - The computer an admin uses to SSH into C2.
  • C2 - The target computer an admin may need to manage, probably would have sshd running.
  • S1 - The server that might coordinate the system.
  • R1 - A router that provides an IP for C1 and port forwards some ports to S1. External IP address is static.
  • R2 - Regular home network setup, router provides IP to C2 for internet connectivity. External IP address is dynamic.
  • Yellow Lines - Physical connections.
  • Green Lines - The virtual SSH connection - green line C1-R1 might actually need to be C1-S1-R1 instead.

A main aspect of this system is that an administrator can be on any PC within the R1 network to administer C2. As such, there cannot be any port forward between R1 and any PC in N1 (because it defeats the purpose of being able to use any computer on N1 to administer C2).

8
  • Do N1 and N2 networks have private IP addresses? They are connected to Internet into the same switch? What about WAN addresses of R1 and R2? Please give us more details. Commented Nov 13, 2012 at 8:41
  • @LaurentiuRoescu - I'm sorry, first time I'm doing a network topology sort of question, so I might have left out some crucial details. I didn't understand the part about private IP address, but they are connected to the internet directly. There's the gateway at 192.168.1.1. Commented Nov 13, 2012 at 9:56
  • Which are IP addresses of C1 and C2? The two networks N1 and N2 are in the same location? Commented Nov 13, 2012 at 11:14
  • Where is your IPv6? Commented Nov 13, 2012 at 14:10
  • 1
    For one thing, IPv6 completely eliminates this entire class of problems. Commented Nov 13, 2012 at 23:07

1 Answer

2

One simple way is to use a third server which is accessible on the Internet (having a public IP address). Do a reverse connection from C2 to this server (I'll call it M, for Middleman) using the -R option. This will basically open a new port, say port 8000, on M; whatever connects to M:8000 will be forwarded to C2 on port 22.

Next, simply connect to M:8000 to get to C2.

You can view this question for more information: SSH Port Forwarding

4
  • We've got a server on N1 (same subnet as C1). So basically I'm telling the two computers (C1 and C2) to connect to S1 which serves as some sort of proxy? Commented Nov 13, 2012 at 9:57
  • Yes. But S1 must be publicly accessible to both C1 and C2. Note that this is the most 'official' and stable way. If for some reason you cannot afford such a server, some 'hacks' like this must be employed, and to be honest I doubt the stability of such hacks. (Also I assumed that both N1 and N2 use private subnets and are connected to the Internet through NAT, hence your question) Commented Nov 13, 2012 at 11:58
  • You are correct about S1, it is indeed publicly accessible. Both N1 and N2 use NAT and are private - N1 (where S1 lies) has a static IP, while N2 does not. Commented Nov 13, 2012 at 14:21
  • Then I think you're all set! However, you should read up on private addressing, though; it's one concept that is useful to know. Here is the Wikipedia page. Commented Nov 13, 2012 at 18:33
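
The reverse tunnel from the answer above, as an added example that is not part of the original answer or comments: it builds the command for each side and works out which interface on M the forwarded port 8000 ends up listening on, since sshd's default `GatewayPorts no` binds it to loopback only. The host name, account names and the `-J` hop through M are assumptions; only `-R`, port 8000 and port 22 come from the answer.

```shell
#!/bin/sh
# Added example with constructed names; only -R, port 8000 and port 22 are from the answer.
M_HOST="m.example.org"  # assumption: public middleman (S1 in the question)
M_USER="tunnel"         # assumption: unprivileged account on M
C2_USER="admin"         # assumption: login account on C2
FWD_PORT=8000

# C2 side: an outbound connection to M, so R2 needs no port forwarding and
# its dynamic external IP does not matter. $1 is the -R forwarding spec.
c2_tunnel_cmd() {
    echo "ssh -N -T -o ExitOnForwardFailure=yes -o ServerAliveInterval=30" \
         "-R $1 ${M_USER}@${M_HOST}"
}

# C1 side (any PC in N1) when the listener on M is loopback-only:
# hop through M with -J, then reach M's own 127.0.0.1:8000.
c1_connect_cmd() {
    echo "ssh -J ${M_USER}@${M_HOST} -p ${FWD_PORT} ${C2_USER}@127.0.0.1"
}

# Where will M listen? Args: GatewayPorts value from M's sshd_config, the -R spec.
# Specs handled: port:host:hostport and bind:port:host:hostport (no IPv6 literals).
listener_scope() {
    gw=$1 spec=$2
    case "$gw" in
        no)  echo loopback; return ;;   # sshd default: client bind address is ignored
        yes) echo all; return ;;        # always bound to the wildcard address
    esac
    # clientspecified: the bind address sent by the client decides.
    rest=${spec#*:}; rest=${rest#*:}
    case "$rest" in
        *:*) bind=${spec%%:*} ;;        # four fields: the first is the bind address
        *)   echo loopback; return ;;   # three fields: no bind address given
    esac
    case "$bind" in
        ''|'*')              echo all ;;
        localhost|127.0.0.1) echo loopback ;;
        *)                   echo "$bind" ;;
    esac
}

# Print both commands and the exposure under M's default sshd_config.
c2_tunnel_cmd "${FWD_PORT}:localhost:22"
c1_connect_cmd
echo "listener on M: $(listener_scope no "${FWD_PORT}:localhost:22")"
```

When the result is `all`, C2's sshd is reachable by anything that can reach M on port 8000, so key-only authentication on C2 and a firewall rule on M matter in that configuration.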
