Remote SSH into your home desktop
Things you’ll need:
- A dynamic DNS service
- A router
- A local desktop
- A remote computer
Audience for this post: people who have used SSH before.
Oftentimes I have found myself wanting to access a computer at home while I am traveling. There are options like TeamViewer, which let me control my computer’s screen from afar. But I want something more convenient over the command line, like SSH. That way I can drop in and out of my home machine without breaking my flow.
The problem is that internet service providers (ISPs) do not usually assign static IP addresses to their customers’ routers. I need to know my router’s IP before I can SSH into it.
Enter dynamic DNS (DDNS) services like NoIP. They track your IP address for you. All you need to do is this:
- create an account with them,
- get a domain name, like
- run a provided application that will periodically report the IP address of the machine it is running on,
- use the domain name to ssh into your machine
Some routers, like mine, have built-in support for DDNS, so you do not need to run any new application.
Exposing your home computer to the internet carries security risks. Several measures reduce them:
- Disable password logins. Use private keys instead.
- Do not use the default port 22 for SSH logins. Instead have the router forward another port to the port 22 of your local machine.
- Use applications like fail2ban to block IPs making spurious login attempts.
- Instead of directly logging into your desktop, log into a gateway machine like a Raspberry Pi. Then log into your desktop. You can do this manually, or use ssh
SSH setup on Windows. To make the SSH server start on login, make it a service:
The location of the SSH server configuration file is /etc/ssh/sshd_config on Linux, and $env:PROGRAMDATA\ssh\sshd_config on Windows.
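A check for the first mitigation in the list above (disable password logins), run against a copy of the sshd_config file. This is an added example, not code from the original post; the function names and the sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: does this sshd_config really disable password logins?
# Assumptions: Include files are not followed; settings inside Match
# blocks (which can re-enable passwords per user) are not evaluated.

# effective_value FILE KEYWORDS DEFAULT
# sshd keywords are case-insensitive and the FIRST occurrence wins, so a
# later "PasswordAuthentication no" does not override an earlier "yes".
# KEYWORDS is a lowercase, |-separated list of aliases.
effective_value() {
    awk -v keys="$2" -v def="$3" '
        { sub(/^[ \t]+/, ""); sub(/\r$/, ""); gsub(/"/, "") }
        /^#/ || /^$/ { next }
        { split($0, f, "[ \t=]+"); k = tolower(f[1]) }
        k == "match" { exit }            # global section ends here
        k ~ ("^(" keys ")$") { print tolower(f[2]); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# Succeeds only when keys are the sole way in: password and
# keyboard-interactive auth (both default to yes in OpenSSH) are off,
# and public-key auth has not been switched off.
password_logins_disabled() {
    pw=$(effective_value "$1" "passwordauthentication" yes)
    kbd=$(effective_value "$1" "kbdinteractiveauthentication|challengeresponseauthentication" yes)
    pk=$(effective_value "$1" "pubkeyauthentication" yes)
    [ "$pw" = no ] && [ "$kbd" = no ] && [ "$pk" = yes ]
}

# Constructed sample configs, not taken from the original post.
tmp=$(mktemp -d)
printf '%s\n' 'PasswordAuthentication no' > "$tmp/partial"
printf '%s\n' 'PasswordAuthentication yes' '# hardening appended later:' \
    'PasswordAuthentication no' 'KbdInteractiveAuthentication no' > "$tmp/shadowed"
printf '%s\n' 'Match User alice' '  PasswordAuthentication no' \
    '  KbdInteractiveAuthentication no' > "$tmp/matchonly"
printf '%s\n' 'passwordauthentication no' 'KbdInteractiveAuthentication=no' \
    'PubkeyAuthentication yes' > "$tmp/hardened"

for f in partial shadowed matchonly hardened; do
    if password_logins_disabled "$tmp/$f"; then r=OK; else r=FAIL; fi
    printf '%-10s %s (password=%s kbd-interactive=%s pubkey=%s)\n' "$f" "$r" "$pw" "$kbd" "$pk"
done
```

On a live host, `sshd -T` prints the effective configuration with Include files resolved, which is the authoritative answer; this check is for reviewing a config file before it is deployed.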
Add your public keys to ~/.ssh/authorized_keys. Also, on Windows, users with admin privileges are added to
~/.ssh/config file, so you can log in like ssh desktop instead of ssh user@host:port -option -option. Ugh! Like so:
So now, when I ssh desktop, I will connect to SOMETHINGMINE.ddns.net, which will point to the last recorded IP of my router. My ssh client will look at port 1776, which the router will forward to port 22 of my desktop’s local IP address.