Brad McAfee

Ubuntu and SSH Setup

Can someone provide guidance to set up SSH securely on an Ubuntu Server running a small home network, so we can remotely do work on our Pi-hole?
Networking, Ubuntu, Linux, Linux OS Dev, Linux Distributions

Afthab T

The tutorial below will guide you step by step:

https://linuxize.com/post/how-to-enable-ssh-on-ubuntu-18-04/
David Favor

The above link Afthab provided walks through the steps + keep in mind, this will likely only allow connections into your machine from other machines local to your internal home network.

Most ISPs block incoming connections to listening servers for residential clients.
David Favor

There are ways around this, so if you require connections to your home machine from other machines outside your local home network, close out this question + open another question about enabling this type of access to your home machine(s).
serialband

"Most ISPs block incoming connections to listening servers for residential clients."

While most ISPs don't officially want you to run servers, I have yet to encounter any that will block ports specifically to prevent you from operating a personal server. I would still not put ssh on the default port 22 if you want it accessible on the internet. The default port should be changed to something above the reserved ports (1-1024) to keep the scripts from inundating the logs. If it's just for the internal network and it's not going to the internet, then it's fine to leave it on port 22.
David Favor

Every US ISP I've ever used has either sent letters to desist or we'll shut off your connection.

Or just quietly blocked all listeners (incoming packets).

Or listeners work for a while, then get quietly blocked.

One trick you can use is to look for ISP scanners + block the scanners. This sometimes works... for a while...

You will also have the other problem, of IPs. Each time your ISP changes your IP upstream, you'll have to be sure to propagate this to your DNS system somehow... using some sort of dynamic DNS system.
noci

@serialband: some sites will scan ALL ports and report what they provide on it. So "attempting to hide behind uncommon ports is NOT sufficient".
A simple connect will reveal for most servers what server is present and what protocol it follows.
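
noci's point about a simple connect, as an added example that is not part of the original thread: an SSH server sends its identification string (RFC 4253, section 4.2) as soon as a client connects, whatever port it listens on. The loopback listener and the sample banner below are constructed stand-ins for sshd; point `read_ident` at your own server to see what it announces.

```python
import socket
import threading

# Constructed identification string in the RFC 4253 section 4.2 format.
SAMPLE_IDENT = b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3\r\n"

def parse_ident(line: str) -> dict:
    """Split 'SSH-protoversion-softwareversion SP comments'."""
    if not line.startswith("SSH-"):
        raise ValueError("not an SSH identification string")
    head, _, comments = line.partition(" ")
    _, proto, software = head.split("-", 2)
    return {"proto": proto, "software": software, "comments": comments}

def read_ident(host: str, port: int, timeout: float = 3.0) -> dict:
    """Connect, skip any pre-banner lines, parse the 'SSH-' line."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        f = s.makefile("rb")
        for _ in range(20):  # a server may send other lines first
            raw = f.readline(256)
            if not raw:
                break
            line = raw.decode("ascii", "replace").rstrip("\r\n")
            if line.startswith("SSH-"):
                return parse_ident(line)
    raise ValueError("no SSH identification string received")

def demo() -> dict:
    """Loopback stand-in for sshd on a non-default, OS-chosen port."""
    srv = socket.create_server(("127.0.0.1", 0))
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(b"pre-banner line\r\n" + SAMPLE_IDENT)

    t = threading.Thread(target=serve, daemon=True)
    t.start()
    try:
        return {"port": port, **read_ident("127.0.0.1", port)}
    finally:
        t.join(timeout=3)
        srv.close()

if __name__ == "__main__":
    print(demo())
```

The listening port never enters into what the server reveals, which is why a port change cuts log noise from scripts that only try port 22 but does not hide the service.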
serialband

You guys must just live in the wrong towns.  I have not been blocked in the 19 years since DSL first came on the scene.
David Favor

Be great if the author can mention if you expect connections from outside your network or only inside.

If all connections are only inside your network, then you can do anything you like, with no ISP considerations.
Soulja

I've never had an ISP block SSH or have an issue with it.
noci

Some services are banned by ISPs though. I know (from experience) at least 2 over here that block SMTP except through their services.
(so you cannot run a mailserver, not even receiving) from home.
The same ISPs also block VoIP, as you need to use THEIR VoIP. (They do provide business accounts at about 10 times the basic rate; those are free to run services.)
Obviously you can run SMTP on port 2500 if you like; it just will never receive anything.
SSH on a different port will also work (except 5060 ish, or 25, 587, ... ).
David Favor

Also HTTP/HTTPS/DNS are usually blocked by most ISPs.