Have you ever wanted to remote SSH to your home or office server or a RaspberryPi or any IoT device that sits behind NAT?
Your home or office server or the RaspberryPi doesn’t have a public IP address. It has only a local IP address. So it is not visible from the internet.
You may use the home or office internet router’s public IP address to reach your home or office server or the IoT device using NAT.
But it involves configuring your internet router and opening up ports to accept connections from the internet from anyone. This is a tedious and insecure method.
Moreover the IP address of your internet router keeps changing frequently due to DHCP dynamic IP address assignment. You need to run a dynamic DNS service to constantly re-learn your new Public IP address and update it to your DDNS service provider.
An easy and secure way to connect to your home or office server is to create reverse SSH proxy tunnel to your home or office server using SocketXP.
This document will show you how to set up reverse SSH proxy tunneling using SocketXP. This is a very secure and safe method to login to your home or office computer from the internet, as it uses SSL like public private key encryption.
Install SSH Server
In order to SSH to your home or office server or the IoT device, first install and configure a SSH server in it. Follow the instructions below to install and setup a SSH server on your machine:
sudo apt update
sudo apt install openssh-server
On CentOS & RedHat:
sudo yum install openssh-server
After installing the SSH server on your system, use the following command to kickstart the SSH server daemon.
sudo systemctl enable sshd
sudo systemctl start sshd
Download and Setup SocketXP Client
The SocketXP client will create a secure TCP proxy tunnel from your home or office server to the SocketXP Cloud Service.
SocketXP Cloud Service will inturn provide a public tunnel endpoint to access your home or office server.
This way you don’t have to modify the firewall settings in your office or home internet router to allow connections from the internet to your home or office server.
Any misconfiguration of your router could potentially open up your home or office network to attackers from the internet.
Moreover, you don’t need to keep track of the public IP address of your home router that keeps changing frequently due to DHCP dynamic IP address assignment.
Configure a Secure Tunnel
Use the below command to connect the SocketXP client with the SocketXP Cloud Service. SocketXP Cloud Service will provide a secure public tunnel endpoint to access your home or office server.
$ socketxp -connect tcp://localhost:22
Tunnel Access -> tunnel.socketxp.com:35277
Accessing your Server
Now you can SSH into your home or office computer from anywhere in the world, via the SocketXP Cloud Service public tunnel endpoint.
Use the username and password your have configured in your home or office computer to login to your SSH server.
$ ssh firstname.lastname@example.org -p 35277
The solution discussed in this article is a secure method to remote SSH into your home or office computer because the data is encrypted using SSL.
SSH uses the same cryptography technology used by banks and governments to exchange highly confidential data over the internet.
The data transferred gets encrypted end-to-end between the SSH client and the SSH server.
SocketXP has no way to decrypt or eavesdrop your data. SocketXP acts as a mere TCP proxy server for your encrypted data transmitted in the SSH connection.