ssh to multiple computers on local network

I have two linux machines, one windows, and two os x machines I would
like to ssh to. I have one IP address supplied to me by my ISP, and my
linksys router gives all the machines local addresses in the
192.168.1.xxx range. Right now I can ssh from outside my LAN to one
machine by configuring the router to port forward the request to a
certain machine on the network. However, is there any way I can choose
which computer I want to ssh to when I'm outside of my LAN?

Thanks in advance

-john



jrp

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

jrp wrote:
> I have two linux machines, one windows, and two os x machines I would
> like to ssh to. I have one IP address supplied to me by my ISP, and my
> linksys router gives all the machines local addresses in the
> 192.168.1.xxx range. Right now I can ssh from outside my LAN to one
> machine by configuring the router to port forward the request to a
> certain machine on the network. However, is there any way I can choose
> which computer I want to ssh to when I'm outside of my LAN?
>
> Thanks in advance
>
> -john
>

It's not possible to use the same port to access different computers
behind a NAT router from outside. And you don't want your router to be
configurable by everyone, so you can't change the port forwarding
settings from outside.
However, you can forward different ports, maybe 22 to 26 (if they aren't
used, i.e. 23 is telnet) to your computers. Then you forward each port
to one computer, and set them up to listen on the right port. And from
the outside, you could access every computer by using its port.

Another possibility would be to ssh from a computer inside your network
once you've logged in it from outside. I mean, you log in on one
computer (always the same, because of port-forwarding), and from this
one, you log on the other system. It's a little 'bricolage', and using
sftp for instance would be more difficult.

NAT routing has been invented to 'hide' many private IPs behind a public
one, and that makes it difficult from outside to get in.

I hope this will help a little.

Greets
Bram4

- --


BIG BROTHER IS WATCHING YOU
www.anti-dmca.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (MingW32)

iD8DBQFCZBAJsv7ahDE9W98RAtFnAJkB6RisUsuMx3Sj5jNbW/OjrTQz+wCghDAm
q9q15aXFaEAHxyBmSTIMeaQ=
=NKU8
-----END PGP SIGNATURE-----

jrp wrote:
> I have two linux machines, one windows, and two os x machines I would
> like to ssh to. I have one IP address supplied to me by my ISP, and my
> linksys router gives all the machines local addresses in the
> 192.168.1.xxx range. Right now I can ssh from outside my LAN to one
> machine by configuring the router to port forward the request to a
> certain machine on the network. However, is there any way I can choose
> which computer I want to ssh to when I'm outside of my LAN?
>
> Thanks in advance
>
> -john
>
Three ideas:

SSH to one machine, then after logging on, ssh from there to the
machine you really wanted.

Use SSH tunneling - open ssh to the first machine, and use its
tunneling option so that a local port (22 perhaps) will be
forwarded to your target machine. E.g. suppose your public
address is 1.2.3.4, and that machine's internal address is
192.168.0.1. This would be what's configured in your router's
forwarding configuration. Now suppose that you really want to ssh
to another machine, known internally as 192.168.0.2. SSH to the
first machine but open a tunnel , like this:
$ ssh -L 22:192.168.0.2 1.2.34
Now you can open a second ssh through to your second box by
connecting to the local end of the tunnel you just set up:
$ ssh 127.0.0.1

Use a differnt port number to forward to each host. This involves
setting up port translation in the router, maybe a bit like this:
Listen on Forward to
1.2.3.4:2001 -> 192.168.0.1:22
1.2.3.4:2002 -> 192.168.0.2:22
1.2.3.4:2003 -> 192.168.0.3:22
etc.


HTH
Steve

Wow. Thanks a lot for the prompt responses from both of you. I'll
make sure to try these ideas out!

-john