Access to SSH remotely


Please how can I access to SSH remotely from other computer and other network I try to setup ddns noip but I can only access from the same network not other network

Check that you can resolve the external IP correctly, using the name, from a device outside your network.

Check that you have port 22 open on the WAN side, and dropbear is listening on the WAN interface.

I need to open 22 port from ISP router also ?

If your OpenWrt is downstream of another border router, then yes - you must add a port forward on that device. You also must allow inbound on the OpenWrt.

1 Like

It's security by obscurity but if you're exposing your SSH daemon to the internet, consider using a high port (definitely not the default 22) and enforcing SSH keys for remote logins.

Dropbear can run multiple instances just fine so your local port could still be 22 and allow password authentication, while your high random port for WAN can be restricted to key-only logins.

There is a solution to access to openwrt port without open a port in the ISP router ?

  • VPN
  • Tor routing

I know of no other way to open a port - without opening it.

Thanks for the solutions you have a tutorial how can I setup a VPN in openwrt and how connect to ssh after ?

Wireguard is pretty easy to set up all in all, for a VPN.

1 Like

You would need a server on which to run WireGuard outside of your network as a rendezvous point. A “VPS” (virtual private server) can be “rented” for around US$5 a month. Your local WireGuard would peer with the VPS and the could run another peer with your remote device(s).

It would also be possible to port-forward an SSH listener to the VPS. Personally, I find the utility of a WireGuard peer for my public traffic a valuable “bonus” of using WireGuard for the purpose.

1 Like

I have already a VPS I will try to setup WireGuard in the server and in the openwrt

@jeff What would he need the VPS for? One can just run Wireguard on a normal client?

I Install Wireguard but I don't no why I will use the vps I don't found a tutorial for that

As I understood it, the ISP-supplied router can’t be configured for port forwarding, preventing inbound connections.


No, as the OP doesn't want to/can't open ports on the border router.

1 Like

Yep never mind me.

I setup the Wireguard now but how can access to the router remotely ?


By using your VPS as the 'server' and your router as the 'client'.

That way you don't need to open a port on your ISP's modem.

1 Like