DEV Community

miheer vaidya
miheer vaidya

Posted on

1 1

Connecting to machine without static IP

So I needed to access a computer without static IP from internet. Here's the way to accomplish it.

  1. Get no.ip ddns account. Create a ddns host and preferably create AAAA record which allows both IPv4 and IPv6.
  2. Hopefully your router has ddns support. Thankfully google fiber had it. It will be buried under "advanced" but most likely it should be there. Goto step 4.
  3. If the router doesn't have ddns support, you can install the ddns client, don't install no.ip client. Configure it using this article. Note, ubuntu package installation will ask most of these questions.
  4. Add the no.ip configurations in your router. By this point you should reach your router from outside world but not actually reach your machine.
  5. In router configuration, find a way to forward a port. Here we will forward ssh port to outside.

Advanced/Anxious steps

  1. In sshd.conf add an additional port to run ssh server on.

    port 22
    port 10101
    
  2. We will use port 22 from connecting to the computer from within network but when we want to access computer from outside of network we will use 10101 port instead. You might ask why not just use router to do this redirection from 22 to 10101 or other port number? Read on :).

  3. Create duo account. Setup your machine to use duo. Steps differ if you are targeting unix/windows. You can instead use google authenticator but I am not fan of adding 6 digits for each login. AFAIK Microsoft authenticator doesn't support non-windows systems otherwise Microsoft Authenticator also uses passwordless 1 tap authentication.

  4. Now use Match clause in sshd_config to make sure all external accesses are guarded by duo_login. This tells sshd that if connection is coming from the port 10101, make sure public key matches and duo_login is satisfied and password authentication is not allowed.

    # sshd.conf
    ...
    # put at the end of file
    Match LocalPort 10101
    AuthenticationMethods "publickey,keyboard-interactive"
    PasswordAuthentication no
    
  5. Restart sshd service

    service sshd restart
    

Hope you find it useful!

Image of Datadog

How to Diagram Your Cloud Architecture

Cloud architecture diagrams provide critical visibility into the resources in your environment and how they’re connected. In our latest eBook, AWS Solution Architects Jason Mimick and James Wenzel walk through best practices on how to build effective and professional diagrams.

Download the Free eBook

Top comments (1)

Collapse
 
vmiheer profile image
miheer vaidya

Image of Docusign

🛠️ Bring your solution into Docusign. Reach over 1.6M customers.

Docusign is now extensible. Overcome challenges with disconnected products and inaccessible data by bringing your solutions into Docusign and publishing to 1.6M customers in the App Center.

Learn more