Page 1 of 2 12 LastLast
Results 1 to 10 of 17

Thread: How to reach a server?

  1. #1
    Join Date
    Jun 2006
    Location
    Austrian in Taiwan
    Beans
    Hidden!
    Distro
    Ubuntu 18.04 Bionic Beaver

    How to reach a server?

    I got a special challenge:

    I have setup an Ubuntu Server locally. This server (no graphic) will be moved to another place. How can I reach that server?
    I do not know the IP address of that new place. And the people there are farmers and now exactly that much about computers!

    I am looking for a more or less plug and play solution.

    Teamviewer could work, but I have no graphic, or does Teamviewer also work without graphic?

    I could use a dyndns service. Which one would you recommend and how to setup this on the server?
    Here I still face the challenge, that the router must forward the port 22 to the machine.
    I am from the government, I am here to help you! Just ask!
    And don't expect more to be happen than with any other government!

  2. #2
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: How to reach a server?

    I've never done it, but look into ssh reverse connections. That might work. Without the ability to open a port on the router, you are fighting an uphill battle. If you are providing the router too, then you could pre-configure that stuff and just need a ping-tool to know which IP it ends up at.

    Also - load fail2ban, don't listen on port 22, and only use key-based ssh authentication. http://blog.jdpfu.com/2011/08/23/sec...cking-failures
    Last edited by TheFu; October 20th, 2014 at 02:35 PM. Reason: added ssh security link

  3. #3
    Join Date
    Sep 2006
    Beans
    8,627
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: How to reach a server?

    Quote Originally Posted by TheFu View Post
    I've never done it, but look into ssh reverse connections. That might work. Without the ability to open a port on the router, you are fighting an uphill battle. If you are providing the router too, then you could pre-configure that stuff and just need a ping-tool to know which IP it ends up at.

    Also - load fail2ban, don't listen on port 22, and only use key-based ssh authentication.
    For reverse connections you do need a second server or other machine with a stable address, either hostname or ip address. The hostname can be dynamic, that doesn't matter, just as long as the farmers' machine can reach it. I've used reverse connections, they are not hard. But if you use them, you will either need an automated connection so that the connection comes up when the machine boots or else something for the farmers to run or click on that can be done by following instructions on a paper or something.

    It is less complex to just use a dynamic DNS hosting service and then just log into their machine as needed. DynDNS is gone, as a free service, but thete are others:

    https://help.ubuntu.com/community/DynamicDNS

    There is a script you can install and configure to keep the machine's address up to date. It is called ddclient and is in the repository. Though with some services you should be able to get away with plain wget. Here is an example (don't mind the other text)

    http://wiki.ubuntu-fi.org/Dynaaminen_DNS

    And +1 for keys and such. The service will be found and probed regardless of port, but the logs will be quieter.

  4. #4
    Join Date
    Jun 2014
    Beans
    21

    Re: How to reach a server?

    Hi!

    You have here an example of the reverse ssh tunnel.
    http://www.alexonlinux.com/reverse-s...ind-nat-router

    If you don't have a server with static IP, you can do this with dynamic DNS on both sides and a cronjob running on the machine @farm every 30 min or so. You can do a script to check if there's a connections, and if not, create one and run it every 30 min or so.

    Just and idea!

    Cheers,
    Hugo.

  5. #5
    Join Date
    Nov 2008
    Location
    Boston MetroWest
    Beans
    16,326

    Re: How to reach a server?

    I solved this problem with OpenVPN using a shared private key. The remote machine was configured as an OpenVPN client that started at boot. When the machine came up, it connected to my public server in the cloud. Then I had a full-time tunnel to the remote machine.

    SSH tunneling is an alternative, but I like having a full connection to the remote machine rather than just a few forwarded ports.
    If you ask for help, do not abandon your request. Please have the courtesy to check for responses and thank the people who helped you.

    Blog · Linode System Administration Guides · Android Apps for Ubuntu Users

  6. #6
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: How to reach a server?

    I'm loving all this help!

    All these solutions mandate 1 side of the connection having a static IP. The "server" must have a static IP on the LAN, regardless.

    OpenVPN may be more complex than wanted, but in a simple configuration, it is relatively easy. The farmers would be the client and you would run the server. Wish my openvpn setup were just simple (not multi-user, multi-access restricted) one. Alas, there are different classes of users who need access to different internal subnets which mucks up the configuration.

    My intent with the reverse ssh connection was just for the initial install - I'd use that to setup normal ssh server, dynamic-DNS and open the firewall/router port from the inside. Then it would be a normal ssh connection going forward. There are many interesting ssh settings that are helpful for this stuff. http://blog.jdpfu.com/2014/09/23/you...-ssh-about-ssh - like changing the timeout or auto-reconnect.

    When I needed to do this with "Mom's" system, I just lived without remote access for the month before I could get there and set things up. There was a Windows-nerd onsite, but he wasn't ready to handle editing network files or forwarding router ports. It was best that everything waited until I could get there.

    BTW - DNS services are about $20/yr, so not completely unreasonable if a paid version is needed. I've seen VPS servers for $14/yr, if the reverse ssh as a proxy needs a server on the internet to connect.

  7. #7
    Join Date
    Sep 2006
    Beans
    8,627
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: How to reach a server?

    Quote Originally Posted by TheFu View Post
    All these solutions mandate 1 side of the connection having a static IP. The "server" must have a static IP on the LAN, regardless.
    Yes, the server should have a static ip or hostname, I guess that's part of the usual definition of a server, but even if it doesn't the OpenVPN and reverse SSH options can get by with ELMIT's having even a dynamic DNS address.

  8. #8
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: How to reach a server?

    Quote Originally Posted by Lars Noodén View Post
    Yes, the server should have a static ip or hostname, I guess that's part of the usual definition of a server, but even if it doesn't the OpenVPN and reverse SSH options can get by with ELMIT's having even a dynamic DNS address.
    Correct as usual, Lars.

    I don't assume people have just 1 or 2 devices on a network.

    All my machines/VMs get static IPs on their home network. If they need DHCP (laptops and other portable devices or where the setting page sucks to use (roku, entertainment devices, etc), then DHCP reservations are setup on the router. Only guest devices or freshly installed VMs use floating DHCP addresses on our network. It makes all sorts of things easier - mainly DevOps stuff like centralized patching, but NFS, CIFS, remote desktops, the list can go on and on and on.

  9. #9
    Join Date
    Nov 2008
    Location
    S.H.I.E.L.D. 6-1-6
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: How to reach a server?

    Quote Originally Posted by SeijiSensei View Post
    I solved this problem with OpenVPN using a shared private key. The remote machine was configured as an OpenVPN client that started at boot. When the machine came up, it connected to my public server in the cloud. Then I had a full-time tunnel to the remote machine.

    SSH tunneling is an alternative, but I like having a full connection to the remote machine rather than just a few forwarded ports.
    +1 for OpenVPN

    If you dont have another server with OpenVPN, you can just rent a VPS for around $3-4/mo.
    Don't waste your energy trying to change opinions ... Do your thing, and don't care if they like it.

  10. #10
    Join Date
    Jun 2006
    Location
    Austrian in Taiwan
    Beans
    Hidden!
    Distro
    Ubuntu 18.04 Bionic Beaver

    Re: How to reach a server?

    Quote Originally Posted by SeijiSensei View Post
    I solved this problem with OpenVPN using a shared private key. The remote machine was configured as an OpenVPN client that started at boot. When the machine came up, it connected to my public server in the cloud. Then I had a full-time tunnel to the remote machine.

    SSH tunneling is an alternative, but I like having a full connection to the remote machine rather than just a few forwarded ports.
    Can you guide me how to setup OpenVPN for that?

    I have to connect to multiple such remote machines.
    What do I need to install on the remote machine, what on the remote server and what on my machine, which wants to reach the remote machines?

    A B C (Remote machines)
    \ | /
    \ | /
    \ | /
    Remoter server with fix IP
    |
    |
    |
    Nat (with fixed public IP)
    |
    My home computer

    Which ports do I need to open and where?
    I am from the government, I am here to help you! Just ask!
    And don't expect more to be happen than with any other government!

Page 1 of 2 12 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •