Access to SSH remotely

hani · November 20, 2019, 1:44pm

Hi,

Please how can I access to SSH remotely from other computer and other network I try to setup ddns noip but I can only access from the same network not other network

eduperez · November 20, 2019, 2:24pm

Check that you can resolve the external IP correctly, using the name, from a device outside your network.

Check that you have port 22 open on the WAN side, and dropbear is listening on the WAN interface.

hani · November 20, 2019, 2:38pm

I need to open 22 port from ISP router also ?

lleachii · November 20, 2019, 2:51pm

If your OpenWrt is downstream of another border router, then yes - you must add a port forward on that device. You also must allow inbound on the OpenWrt.

Borromini · November 20, 2019, 3:16pm

It's security by obscurity but if you're exposing your SSH daemon to the internet, consider using a high port (definitely not the default 22) and enforcing SSH keys for remote logins.

Dropbear can run multiple instances just fine so your local port could still be 22 and allow password authentication, while your high random port for WAN can be restricted to key-only logins.

hani · November 20, 2019, 3:23pm

There is a solution to access to openwrt port without open a port in the ISP router ?

lleachii · November 20, 2019, 3:34pm

VPN
Tor routing

I know of no other way to open a port - without opening it.

hani · November 20, 2019, 3:40pm

Thanks for the solutions you have a tutorial how can I setup a VPN in openwrt and how connect to ssh after ?

Borromini · November 20, 2019, 3:44pm

Wireguard is pretty easy to set up all in all, for a VPN.

jeff · November 20, 2019, 4:04pm

You would need a server on which to run WireGuard outside of your network as a rendezvous point. A “VPS” (virtual private server) can be “rented” for around US$5 a month. Your local WireGuard would peer with the VPS and the could run another peer with your remote device(s).

It would also be possible to port-forward an SSH listener to the VPS. Personally, I find the utility of a WireGuard peer for my public traffic a valuable “bonus” of using WireGuard for the purpose.

hani · November 20, 2019, 4:06pm

I have already a VPS I will try to setup WireGuard in the server and in the openwrt

Borromini · November 20, 2019, 4:42pm

@jeff What would he need the VPS for? One can just run Wireguard on a normal client?

hani · November 20, 2019, 4:49pm

I Install Wireguard but I don't no why I will use the vps I don't found a tutorial for that

jeff · November 20, 2019, 4:55pm

As I understood it, the ISP-supplied router can’t be configured for port forwarding, preventing inbound connections.

lleachii · November 20, 2019, 4:55pm

No, as the OP doesn't want to/can't open ports on the border router.

Borromini · November 20, 2019, 5:07pm

Yep never mind me.

hani · November 20, 2019, 5:27pm

I setup the Wireguard now but how can access to the router remotely ?

Thanks

Borromini · November 20, 2019, 5:58pm

By using your VPS as the 'server' and your router as the 'client'.

That way you don't need to open a port on your ISP's modem.