Niki Kovacs wrote:
Les Mikesell a écrit :
You don't really need to change the ports on the hosts. Just configure the router to accept different ports on the internet side and redirect to port 22 at the different IP addresses on the inside. Then you only have to change the client settings for access from outside. I'd move both of them away from port 22 on the outside, though - you'll avoid a lot of password guessing attempts that will happen otherwise.
Sorry, but I don't quite follow you. (One of these cases where I feel my IQ is just a bit insufficient :oD)
How can I possibly access two distinct machines behind one single IP address when they run SSH on the same port ?
The router configuration for port forwarding should let you specify the port to accept on (where each does have to be different because of the single IP) and then the IP and port for redirection. Since the inside targets have different IPs, it doesn't matter that they have the same port. At least most routers work this way - you can redirect to a different port on the inside but they may have a different config section for 'custom' forwarding and a simplified one that just sends a service port to the same port on one inside target.
Or, I'll reformulate my question more simply.
I have a router with *one* public IP address (213.41.141.252). And behind that router, on the local network, I have two different machines: 192.168.1.2 and 192.168.1.3.
Is there a (normal, orthodox) way to SSH into these machines directly from the outside? That is, without logging into the main box and then hopping around internally? Something where in one case, ssh 213.41.141.252 -option gets me into machine A, and then ssh 213.141.141.252 -otheroption gets me into machine B.
Yes, just pick different port numbers for the router to redirect to port 22 at each internal IP. Then everything works normally internally and externally you use 'ssh -p nnn public_address' where your port number will be the one redirected to the internal machine you want (and the NX client also has a place in the config screen to set the port number).
Another option if most of your outside access is from a single location or from a laptop would be to set up openvpn to one of the inside machines, configuring the router to pass a single udp port for it. Then you can treat it like a routed subnet with normal access to all services. But, if you use freenx it doesn't make much difference because the session runs over ssh and the desktop will have 'inside' access anyway.