Remote Access without Teamviewer or Hamachi - Part 2 of 2

0

INTRODUCTION

This discussion is a continuation from here: superuser.com/questions/610383/remote-access-without-teamviewer-or-hamachi/610396?noredirect=1#comment755389_610396

I want to remotely and securely access my Raspberry Pi with SSH and VNC. Here's what I'm using:

  • Router: Westell A90-750022-07 (portforward.com/english/routers/port_forwarding/Westell/A90-750022-07/Minecraft_Server.htm)
  • Client: HP DV9000, Windows, Putty (for CLI), tigerVNC-viewer (for GUI)
  • Server: Raspberry Pi, Arch Linux, tigerVNC-server, openSSH

Basically what I found out from the previous discussion (see the first link above) was that I don't need to use VPN software, like openVPN. They said I just need to forward ports.

MAIN PROBLEM

  • I can set up port forwarding and verify with this: www.yougetsignal.com/tools/open-ports

BUT

  • I can't remotely SSH to my server with putty
  • I don't know how to securely connect using VNC and SSH together

========================================================================

MORE INFO - Router Settings

Here's my current setup (screenshots 6 & 7 from the second link above):

  • Protocol: both
  • Start Point: 65432
  • End Port: 65432
  • LAN Port: 22
  • Direction: in
  • Port Direction: dst

Last screenshot from the second link above:

  • Inbound Only Selected
  • Raspberry Pi selected as LAN device with its private IP

MORE INFO - Putty Settings

Note: If your client is an iPhone, you can use vSSH Lite instead of Putty.

  • Destination: Public IP Address
  • Port: 65432
  • Protocol: SSH

See Update 1: I was getting errors here before because I was trying to remotely connect while being on the local network. That's why there's a bunch of comments about SSH and putty below.

MORE INFO - tigerVNC-viewer Settings

Note: If your client is an iPhone, you can use PocketCloud instead of tigerVNC-viewer.

  • Not quite sure where to start on this. I'll be doing research on it though...

See Update 2


Update 1

I made a big mistake with putty: Apparently you can't SSH from a client on your home network to its public address. Thanks everybody for your feedback. I really appreciate the time you all put into helping me out. Sorry I made such a goofy mistake!

Edit: According to TheReddog's comment below, this might actually be possible with something called "IP Passthrough" but since I was able to successfully connect with putty, I didn't really look into it.

Now I just need to figure out how to do the same exact thing with a securely connected VNC client...

Update 2

I think I got tigerVNC-client to work securely. I followed these two guides:

  1. Use the vncserver in linux to start localhost only VNC session - https://wiki.archlinux.org/index.php/Vncserver#Securing_VNC_Server_by_SSH_Tunnels
  2. Make a tunneled putty client connection. Then start a "local" VNC client session - http://www.maths.utas.edu.au/People/Hill/vncvnc-html

To summarize the findings in these two links: Basically the first link explains everything. According to the information under the heading "On the Server", do this:

  • vncserver -geometry 1440x900 -alwaysshared -dpi 96 -localhost :1

Then, under the heading "On the Client", the instructions explain how to connect VNC tunneled through SSH in linux.

  • SSH command: ssh IP_OF_TARGET_MACHINE -L 8900/localhost/5901
  • VNC command: vncviewer localhost:8900

The second link basically shows you how to do the client SSH command with putty and the client VNC command with a VNC viewer in Windows instead.

Can I get confirmation that this is secure?

Rhyknowscerious

Posted 2013-06-21T23:58:57.380

Reputation: 334
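
One way to check the setup described in Update 2 on the server, as an added example that is not part of the original post: it reads `ss -H -ltn` output and reports any VNC display port (5900-5999, so 5901 for display :1) that is listening on an address other than loopback, which is what `-localhost` is meant to prevent. The function names and the sample listener table are constructed for illustration, and it assumes `ss` from iproute2 is available on the Pi.

```shell
#!/bin/sh
# Added example: audit listening TCP sockets for VNC displays reachable
# without the SSH tunnel. Expected input is the output of `ss -H -ltn`
# (columns: State Recv-Q Send-Q Local:Port Peer:Port).

# Constructed sample: display :1 started with -localhost, display :2 without.
SAMPLE_SS='LISTEN 0 5 127.0.0.1:5901 0.0.0.0:*
LISTEN 0 5 [::1]:5901 [::]:*
LISTEN 0 5 0.0.0.0:5902 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

# Print "address port" for every VNC listener (5900-5999) that is bound
# to something other than a loopback address.
exposed_vnc_listeners() {
    awk '
    $1 == "LISTEN" {
        local_ep = $4
        n = split(local_ep, parts, ":")
        port = parts[n] + 0
        # Everything before the last colon is the bind address.
        addr = substr(local_ep, 1, length(local_ep) - length(parts[n]) - 1)
        if (port < 5900 || port > 5999) next             # not a VNC display
        if (addr ~ /^127\./ || addr == "[::1]") next     # loopback only
        print addr, port
    }'
}

# Exit status 0 when no VNC port is reachable off-host, 1 otherwise.
vnc_is_tunnel_only() {
    [ -z "$(exposed_vnc_listeners)" ]
}

# Run against the constructed sample. On the real server use:
#   ss -H -ltn | exposed_vnc_listeners
printf '%s\n' "$SAMPLE_SS" | exposed_vnc_listeners
```

An empty result on the real server means the only route to the VNC session is the forwarded SSH port, so the router needs no forwarding rule for 5901.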

Silly question, but is SSH enabled on your Raspberry Pi on port 22? In other words, can you connect on your intranet to it? – ernie – 2013-06-22T00:05:11.243

A good question @ernie. I can connect with putty from a windows computer running putty via the local network, using a local address like 10.0.0.2:22. But I can't when I'm at my neighbor's house across town using putty with a public address like http://74.125.224:65432. Although I can access the network with my iPhone (as described under the Main Problem heading).

– Rhyknowscerious – 2013-06-22T00:11:06.540

Sounds like it should work - things to check would be your router's firewall settings, or if you've enabled the forwarding multiple times, and it's pointing to the wrong intranet address. – ernie – 2013-06-22T00:16:43.560

@ernie Do you think putty is set up right? I just entered the public address and port number 65432 at the top and clicked go. Am I supposed to change the protocol at the top (RAW, Telnet, Rlogin, SSH, Serial)? Am I supposed to use the tunnel setting (Connections > SSH > Tunnels)? Am I supposed to use port 22 on my public address? – Rhyknowscerious – 2013-06-22T00:22:00.463

your putty sounds fine. some ISPs block ports in the uppermost ranges, when they are not part of an existing connection, so that may be part of it. try something less than 10000 like 7634. other than that, the issue is likely one of the following: router or server firewall, your NAT rule is malformed, or the service is denying the connection (see reddogg's answer). since the open port tool worked, I'm inclined to believe the last. – Frank Thomas – 2013-06-22T05:25:19.707

Hey everybody I just did some updates to the main post and just want to know if somebody can confirm the validity of my Update 2 proposed solution. – Rhyknowscerious – 2013-06-22T20:55:11.213

Answers

0

On the Raspberry Pi server do you have the public ip configured as a listener? Openssh by default will only accept connections destined for the ip specified on the NIC.

Check out the 6th option on this page for how to add it. http://www.thegeekstuff.com/2011/05/openssh-options/

TheReddogg

Posted 2013-06-21T23:58:57.380

Reputation: 1

Well, since I can SSH from across town on my iPhone with ServerAuditor, I would not like to mess with the config file until I know that I set up putty correctly for sure first. Do you know how to set up putty for connecting to servers from outside the server's network? I can set up and connect from inside the network, but not outside (with putty). – Rhyknowscerious – 2013-06-22T01:53:58.470

the client shouldn't know there's a NAT in play, so as long as your nat rule works, you should not need additional configuration (eg: your client believes the server exists on your public IP address and doesn't know there's a network behind it). – Frank Thomas – 2013-06-22T05:22:24.820

What address are you using in ServerAuditor? The internal or Public address? – TheReddogg – 2013-06-22T06:28:43.777

For your setup, putty will work the same both internally and externally. I believe this is what Frank said. So the only thing making me scratch my head is how your iphone works, while nothing else outside the network does. If you don't want to touch the config, be sure you're using the public ip address in server auditor. – TheReddogg – 2013-06-22T06:34:12.503

If you're still not getting a connection let us know, and I'll post a list of diagnostics for you to try. – TheReddogg – 2013-06-22T06:35:31.633

Actually some routers do allow you to connect to your public ip. It's called "IP Passthrough." Cisco routers and by extension Linksys routers will typically have this feature. – TheReddogg – 2013-06-22T06:42:03.363

@TheReddogg Thanks for all the help. I looked at my router, briefly, and didn't see an IP Passthrough setting. So, after getting putty to work locally, I just drove to Taco Bell and changed the private IP address with the Public address and then Putty worked. – Rhyknowscerious – 2013-06-22T19:51:41.510