Posted: Thu May 17, 2007 18:55 Post subject: dd-wrt, PuTTY, No-IP and Ubuntu server
My goal is to be able to SSH using PuTTY to my Ubuntu server at home which is behind a dd-wrt Linksys router.
Last night I installed the No-IP client on my Ubuntu server at home (from the command line... joy).
Today I added JoeyJoeJoesUbuntuServer.no-ip.biz as a host on www.no-ip.com. I use No-IP to access my router's web interface from work, no problem (using https and port 8080).
I set Port Range Fowarding of port 22, TCP/UDP to the statc IP address of my Ubuntu server.
At work installed PuTTY and tried to open a session to JoeyJoeJoesUbuntuServer.no-ip.biz on port 22.
When it connected, I was prompted with 'login as:' and when I entered a username, I got information about DD-WRT (DD-WRT v23 SP2 std (c) 2006 NewMedia-NET.... etc, etc.). No combination of username/password from either my Ubuntu server or dd-wrt router would work. Always 'Access denied'.
It seems port forwarding is not working on the dd-wrt? Or is it a no-IP client issue?
You've got remote ssh login turned on your router. Either turn it off, or move it to another port so that it doesn't collide with the port 22 forward to your computer.
You could also forward a different port on your router to port 22 on the Ubuntu server using dd-wrt's port forwarding facility. Then specify the selected port in PuTTY for the ssh protocol.
Disabled remote ssh login on dd-wrt. D'oh! I'm all set now Thanks guys.
Another (naive) question re:PuTTY.
I log with PuTTY in remotely using my server name and port 22. PuTTY tells me that it doesnt' recognize the key and do I want to accept it. I type 'yes' and I'm off to the races.
I've never entered a key on the PuTTY side before logging on to my Ubuntu server.
What will stop anyone from using PuTTY and hitting my server?
Absolutely nothing stops anyone from using putty (or any other ssh client) to try and log into your server. There are a few ways to make things safer, and the first thing to do is make sure you have a *secure* password. You can also use trusted keys, only allowing someone who has a "key" to login (they also have passphrases). You could run ssh on an odd port, reducing the risk via "obscurity" and you might also even have fun getting a "port knocker" working.
That works by opening port 22 only *after* you (for example) try to open port 3445, then 4456, then 8872. Security thought... combination lock using ports? Dunno anything about setting this up on dd-wrt though. I personally just use strong password and an "odd" port, haven't really had any problems.
