Thursday, 1 August 2013

How to access your home network from anywhere safely

I have been asked by friends and colleagues how to do this on a number of occasions so I thought I would put a step-by-step guide together.

Why would you want to do this??

There are a number of reasons that I do this on a regular basis. Here are some:
  1. RDP to my Windows VM at home
  2. Browse the internet safely from an unsafe location (eg. airport, internet cafe)
  3. Look for files on my NAS
  4. Download or upload files to my NAS
  5. Start a download whilst I am not home so it is finished when I get home
  6. Remote access to my home lab environment
  7. Circumvent the security of the network I am currently connected to (eg. Facebook/ebay/etc. at work)
If this sounds like something you need to do then read on...

Things you will NEED

  1. SSH server (physical computer, old laptop/netbook, apple tv, NAS, old android phone)
  2. Router that is configured to forward SSH traffic to your server
  3. Static IP address OR a DDNS hostname (something like dyn.com/dns or www.noip.com. There are heaps of options)
If you already have these things set up then go on to How to use

Setup

Set up your SSH server. The example I will give here is for Ubuntu but should apply to most distros.
  1. Install Ubuntu (I won't cover this since Ubuntu do an excellent job of that themselves here)
  2. Set a static IP address for your server on your LAN eg. 192.168.0.x
  3. Install OpenSSH Server (Again Ubuntu doco is excellent)
  4. Forward traffic coming from the internet on port 22 (the SSH port) to the internal IP address you previously assigned to your SSH server.
    • The process to do this is different for all routers; have a look at your router's doco or google it
  5. OPTIONAL: A lot of networks block traffic leaving on port 22, which means you will not be able to SSH to your home server if it is listening on the standard port. The solution is to make your SSH server listen for connections on port 443 (SSL); I haven't found any networks yet that have 443 blocked. Read below for instructions

Changing the port your server listens on

There are 2 ways to do this:
  • If your router can forward incoming port 443 to your SSH server on port 22, you're in luck. Just set that up and all external traffic on port 443 will be passed to your server on port 22.

  • If your router can't do this port translation then you need to configure it to pass the traffic on 443 to your SSH server, then make your server listen on port 443.
    1. Make a backup of your configuration file using these commands
      sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original
      sudo chmod a-w /etc/ssh/sshd_config.original
    2. Edit your sshd_config file, find the line Port 22, make sure it is uncommented and change the 22 to 443 (you can listen on multiple ports by having multiple Port lines in the config file). I use nano to edit files from the command line, but you could use vim; just remember to sudo.
      sudo nano /etc/ssh/sshd_config
    3. Save the file by pressing ctrl-x, y, enter
    4. Then restart your ssh server. (This won't kill any active SSH sessions)
      sudo service ssh restart
    5. Test that your SSH server is working by typing ssh localhost -p 443. This should prompt you for your password then drop you at a bash prompt. Press ctrl-d to exit the session.
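
The backup-and-edit steps above as a small shell function, added here as an example and not part of the original post; the function name set_ssh_ports and the sample config are this example's own assumptions. It writes the new Port lines where the first old one stood, so they stay above any Match block.

```shell
#!/bin/sh
# Added example, not from the original post: set the Port lines of an
# sshd_config-style file. Function name and usage are this example's own.
# Usage: set_ssh_ports <config-file> <port> [<port> ...]
set_ssh_ports() {
    cfg=$1
    [ $# -ge 2 ] && [ -f "$cfg" ] || { echo "usage: set_ssh_ports FILE PORT..." >&2; return 1; }
    shift
    for p in "$@"; do
        case $p in
            ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;;
        esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "bad port: $p" >&2; return 1; }
    done
    # Step 1 of the guide: keep one read-only copy of the untouched file.
    if [ ! -e "$cfg.original" ]; then
        cp "$cfg" "$cfg.original" && chmod a-w "$cfg.original" || return 1
    fi
    tmp=$(mktemp "$cfg.XXXXXX") || return 1
    # Step 2: drop every "Port N" / "#Port N" line (keywords are case-insensitive)
    # and write the new ports where the first one stood. Port is a global keyword,
    # so it must stay above any Match block; with no Port line, use the file top.
    awk -v ports="$*" '
        function emit(   i) { for (i = 1; i <= n; i++) print "Port " p[i] }
        BEGIN { n = split(ports, p, " "); pat = "^[ \t]*#?[ \t]*port[ \t]+[0-9]+[ \t]*$" }
        { line[++c] = $0; if (!first && tolower($0) ~ pat) first = c }
        END {
            if (!first) emit()
            for (i = 1; i <= c; i++) {
                if (tolower(line[i]) !~ pat) print line[i]
                else if (i == first) emit()
            }
        }' "$cfg" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Overwrite in place so the file keeps its owner and permissions.
    cat "$tmp" > "$cfg" && rm -f "$tmp"
}

# Constructed sample config, so the example runs without touching /etc/ssh.
demo=$(mktemp -d)
printf '%s\n' '#Port 22' 'PermitRootLogin no' 'Match User backup' \
    '    X11Forwarding no' > "$demo/sshd_config"
set_ssh_ports "$demo/sshd_config" 22 443 && cat "$demo/sshd_config"
rm -rf "$demo"
```

On the server, run it with sudo against /etc/ssh/sshd_config, then check the result with sudo sshd -t before sudo service ssh restart; sshd -t only tests the configuration and exits non-zero if it is invalid.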

How to use this wonderful new thing

From an external network do the following:

Unix - including Mac

If you have a Unix-based OS then you probably already have all the tools you need to connect to your server.
  • Open up a terminal (on a mac press CMD+Space, then type terminal, hit enter)
  • Enter into your terminal ssh <your user name>@<your IP or hostname> -p port
    • For example: ssh luke@icitd.com -p 443
    • The -p tells your ssh client to use port 443 for the connection (if you are using port 22 then you can leave this out)
  • The first time you connect you will be asked if you want to add the server's fingerprint to your local known hosts file. Type yes and press enter
  • Enter your password (Note: no characters will show when you are typing your password, not even *'s)
  •  .. and you should be connected to your home server :) Give yourself a pat on the back.

Windows

  • Download and install PuTTY - PuTTY download page - Direct link to the installer
  • In the hostname box enter <your user name>@<your IP or hostname>, eg. luke@icitd.com
  • In the port box enter the port number you are using (22 is default, 443 if you're following my guide)
  • Click open
  • Enter your password when prompted (Note: no characters will show when you are typing your password, not even *'s)
  • You should now be connected to your home SSH server :) Give yourself a pat on the back.

Android

  • Open the play store and install ConnectBot
  • Open ConnectBot
  • In the username@hostname:port box enter <your user name>@<your IP or hostname>:<port>, eg. luke@icitd.com:443 (the port can be left off if you are using port 22)
  • Tap Done, enter your password when prompted.
  • You should now be connected to your home SSH server :) Give yourself a pat on the back.

iPhone

  • You're outta luck here. I don't have nor have ever had an iPhone so I can't help you. Your good mate google can probably help out though ;)

Now What?? How do I do all the cool stuff you listed above?

Read the following articles, that's how!

Socks proxy over SSH (safely browse on unsafe connection)
Remote torrent - coming soon
Get around IT/network security - see Socks Proxy.

Security

Coming soon
