babadoctor

Why does SSH need to be port forwarded?

Posted · Original Poster
1 minute ago, SpaceNugget said:

It's one or the other. If you have a static IP, set up your computer with that IP and ALL traffic on ALL ports goes directly to that computer, no port forwarding required.

Otherwise, you can set up port forwarding.

If you use a VPS like DigitalOcean with a static IP that you can SSH to, SSH to it from your work computer with the -R flag to create a reverse tunnel to the work computer. Then, when you SSH to your middle man from home, you are tunneling through to the computer at your work.

But this middle man either needs to have its own IP address or port forwarding rules set up to allow you to connect to it.

Okay, thank you!


OFF TOPIC: I suggest every poll from now on to have "**CK EA" option instead of "Other"

Posted · Best Answer

The difference between TeamViewer and SSH is where the traffic originates from.

With TeamViewer, your computer connects to an outside server and tells it which IP and port to send traffic on. When you try to connect to your TeamViewer server, you contact the central server (hosted somewhere on the Internet) which connects the two connections to each other.

This is why it does not require port forwarding: the connection originates from inside your network. Your router sees that your computer wants to connect to the Internet, so it assigns that connection a dynamic port number which it automatically keeps track of. Since it is your computer starting the connection, your router will know which traffic should be forwarded to it automatically.

With SSH, there is no middleman. It's not your computer from the inside network that is establishing the connection. Your router will just see an incoming connection on port 22 and then have no idea what to do with the connection. Should this packet on port 22 be sent to computer 192.168.1.6 or should it be sent to 192.168.1.7? Your router will have no idea and just try to process the packets itself, and then probably discard them.

There are ways around it with SSH, but they are very complicated, so I really don't see why you won't just port forward. Is there any special reason for it?

You will most likely need a VPS or a VPN in order to make it work the way you want. With a VPS you could do the same thing TeamViewer does, but you will have to write the server (middleman) and client (that runs on your SSH server) yourself. I am not aware of any programs that do this already.

With the VPN you would have to make sure the SSH server and client are both on the same network (either a completely separate VPN for the two, or VPN from the client into the server's network) and then you will be able to SSH without port forwarding since you're on the same network.

But both solutions are costly: cost in time, computational resources and money, so I really don't get why you just can't port forward.

10 hours ago, babadoctor said:

This brings me closer to my answer

http://stackoverflow.com/questions/16908714/how-do-you-create-a-peer-to-peer-connection-without-port-forwarding-or-a-centera

Decentralized P2P networking

If I can somehow do this but with ssh...

Read the whole page, it's exactly the same problem: it still requires a publicly accessible service (the "third party"). To create that, you still need to port forward or have a computer with its own external IP to avoid NAT.

Posted · Original Poster
42 minutes ago, SpaceNugget said:

Read the whole page, it's exactly the same problem: it still requires a publicly accessible service (the "third party"). To create that, you still need to port forward or have a computer with its own external IP to avoid NAT.

:( 



Port forwarding is needed due to NAT. If you have 10 users sharing the same IP address, and you get an SSH connection incoming to that single IP address, your router isn't gonna know what the fuck to do with it. When you set your router to forward all port 22 traffic to a specific MAC address behind the router, you can accept incoming traffic from that port.

Also security reasons.

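The NAT behaviour described in the best answer and in the last reply above, as an added example that is not part of any post in this thread: a toy Python model of a home router's translation table. The `NatRouter` class, addresses and ports are constructed for illustration, and the model assumes the router matches replies on the remote endpoint, as TCP connection tracking does.

```python
# Added example: toy model of a home router doing NAT. All values are constructed.
from dataclasses import dataclass, field


@dataclass
class NatRouter:
    public_ip: str
    forwards: dict = field(default_factory=dict)  # static: public port -> (lan_ip, lan_port)
    sessions: dict = field(default_factory=dict)  # dynamic: public port -> (lan host, remote peer)
    next_port: int = 40000

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host opens a connection; the router records a dynamic mapping."""
        port = self.next_port
        self.next_port += 1
        self.sessions[port] = ((lan_ip, lan_port), (remote_ip, remote_port))
        return port

    def inbound(self, src_ip, src_port, dst_port):
        """Return the LAN (ip, port) a packet on the public IP is sent to, or None."""
        session = self.sessions.get(dst_port)
        if session and session[1] == (src_ip, src_port):
            return session[0]               # reply on a connection started from inside
        if dst_port in self.forwards:
            return self.forwards[dst_port]  # explicit port-forward rule, any source
        return None                         # no mapping: the router drops it


def demo():
    router = NatRouter("203.0.113.10")
    results = {}
    # Unsolicited SSH from the Internet: several LAN hosts, no rule, no target.
    results["ssh_no_rule"] = router.inbound("198.51.100.7", 51000, 22)
    # A LAN host dials out to a relay (TeamViewer-style, or ssh -R to a VPS).
    port = router.outbound("192.168.1.6", 50222, "198.51.100.20", 443)
    results["relay_reply"] = router.inbound("198.51.100.20", 443, port)
    # Another Internet host hitting the same mapped port is still dropped.
    results["stranger_on_mapped_port"] = router.inbound("198.51.100.7", 51000, port)
    # With a port-forward rule, inbound SSH from any source reaches the LAN host.
    router.forwards[22] = ("192.168.1.6", 22)
    results["ssh_with_rule"] = router.inbound("198.51.100.7", 51000, 22)
    return results


if __name__ == "__main__":
    for case, target in demo().items():
        print(f"{case}: {target}")
```

The last case is the security trade-off of a port-forward rule: the static entry accepts any source address, while the dynamic mapping only admits the peer the inside host chose to contact.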
