Setting up your PC for remote access

I’m not sure I need it. Maybe you will. It is an exercise in excess. I rarely need something from my home PC because nowadays it’s so easy to store things in the magical cloud. Still, it’s a nice exercise.

I have set up remote access on Void Linux and I will describe the process for that OS. You might encounter some problems if you are using Windows… but if you do, you have bigger things to worry about (I’m writing this around the time an M$ update for Windows bricked some users’ computers).

Open up to the world

I hope you understand the basic idea behind a typical home network and the process of port forwarding. I’m not going to explain those. Port forwarding looks different depending on who made your router (I mean it’s different because the graphical user interfaces of the routers differ…).

mosh

So for this project I’ve forwarded two ports to my PC. Why two? Because I wanted to test mosh. mosh stands for mobile shell and in short it does the same as ssh but provides a way better user experience. It’s a great tool and I encourage you to read more on why it’s so good.

To make it work there are several things that you have to do:

Configure and start your sshd server. To start it you should add it to your service manager. Since I’m using Void Linux I had to link the sshd service folder:

ln -s /etc/sv/sshd /var/service/

And start it with:

sv start sshd

Configuration means editing the /etc/ssh/sshd_config file. First I changed the port for ssh, then I turned off password authentication:

...
Port 1024
...
PasswordAuthentication no
...

And that’s it. You should restart the service and it should listen for ssh connections on the specified port. If you are wondering why I changed the port: the standard port 22 is constantly probed by bots, so it’s a good idea not to use it. Moving the port only cuts down the noise in your logs; what actually keeps the bots out is key-only authentication.

You can now test the ssh connection by just opening a terminal and typing:

ssh username@localhost -p 1024

Remember though that if you have turned off password authentication you won’t be able to log in if you didn’t generate a key. To do that, use the ssh-keygen program, then add the key to your ssh-agent with the ssh-add command. I’m not going to go into generating and adding a key. I might fill this part in one of these days.
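A way to check that the sshd_config edits above took effect, as an added example that is not part of the original post. It goes one step beyond the two settings shown: it also flags keyboard-interactive authentication, which can still prompt for a password when PAM is in use. The function name audit_sshd_config and the sample file are made up for this example.

```shell
#!/bin/sh
# Audit the global section of an sshd_config-style file.
# sshd keeps the FIRST value it reads for each keyword, so a later
# "PasswordAuthentication no" does not override an earlier "yes".
# Limitations: Include files and Match blocks are not followed.
audit_sshd_config() {  # usage: audit_sshd_config FILE EXPECTED_PORT
    awk -v want="$2" '
        NF == 0 || $1 ~ /^#/ { next }                 # blank lines and comments
        { key = tolower($1); v = tolower($2) }        # keywords are case-insensitive
        # deprecated alias for the same setting
        key == "challengeresponseauthentication" { key = "kbdinteractiveauthentication" }
        key == "match" { in_match = 1 }               # conditional section starts
        in_match { next }
        !(key in val) { val[key] = v }                # first occurrence wins
        END {
            # OpenSSH defaults that apply when a keyword is absent
            def["port"] = "22"
            def["passwordauthentication"] = "yes"
            def["kbdinteractiveauthentication"] = "yes"
            for (k in def) if (!(k in val)) val[k] = def[k]
            if (val["port"] != want) {
                print "port is " val["port"] ", expected " want; bad = 1 }
            if (val["passwordauthentication"] != "no") {
                print "password authentication is enabled"; bad = 1 }
            if (val["kbdinteractiveauthentication"] != "no") {
                print "keyboard-interactive authentication is enabled"; bad = 1 }
            exit bad + 0
        }' "$1"
}

# Constructed sample: the two edits from this page appended below a
# leftover "PasswordAuthentication yes" line.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not a real host config
PasswordAuthentication yes
Port 1024
PasswordAuthentication no
EOF
audit_sshd_config "$sample" 1024 || echo "=> config needs fixing"
rm -f "$sample"
```

On the real machine, `sshd -T` (run as root) prints the effective configuration, including the Include files and Match blocks this check does not follow.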

Ok, mosh. If you have installed it on both the server and the client machine (you can even use the JuiceSSH app on your phone for testing) you can use it just as you would use ssh. In order to use it from outside of your local network you have to understand how it works.

mosh first connects through ssh. Then it starts mosh-server on the target machine, logs out of the ssh session and establishes a new UDP connection on a random port from the [60000:61000] range.

That’s why I’ve forwarded two ports to the machine in my local network: one for the ssh sessions and one for the mosh-specific UDP session. Since the ssh server has been set to a custom port, mosh will fail at the start because it will try to go through the default port 22. To start a mosh session with a custom ssh port you would type:

mosh username@localhost --ssh="ssh -p 1024"

If your ssh connection worked, this should work too. If it did, you now know that mosh logged into your machine through ssh, started mosh-server, disconnected and started a new connection on some other port. In this case the second port is not that important. It matters when you log in from outside of your network. You could have forwarded all of the ports in the range mosh uses directly to your machine, but that seems excessive. As I’ve said, I’ve redirected only two ports. In order to use those I have to run:

mosh username@localhost -p 1025 --ssh="ssh -p 1024"

The -p 1025 parameter tells mosh to start the UDP session through this specific port.

One last thing is to add a name to our gateway/router in the global network.

Duck DNS

The thing is, your ISP changes your IP address regularly unless you pay for a static IP. Fortunately you can use a free service which gives you a hostname. Since this service binds a name to the IP of your router and the IP changes, it wouldn’t work if you didn’t periodically tell the service what your new IP is.

The service I’m using is Duck DNS. It’s free and it doesn’t require any maintenance. Their website is really simple. I won’t be describing how to create a domain name and how to install their service on your PC. The website has all the information you need.

If you did register a domain and installed their script, which updates your IP, you can use it like so:

mosh username@domainname.duckdns.org -p 1025 --ssh="ssh -p 1024"

…and you should be in. Just take your laptop and try to log into your PC from the Starbucks around the corner.