Question

14

How can I help someone (like granny) over SSH who is behind a NAT router?

rated 0 times [ 14] [ 0] / answers: 1 / hits: 3702 / 3 Years ago, mon, august 2, 2021, 6:18:29

For helping others quickly, SSH is very useful, especially combined with GNU Screen. It's common that users are behind a NAT router. Even if the user can configure the router, it takes some time to remember the password, find the right options, etc.

So, what is the easiest way to help others over SSH if they're behind a NAT router?

I currently tell people to open a terminal run the below command and pass me their IP from a site like http://ip.appspot.com/:

sudo apt-get install openssh-server ssh-import-id && ssh-import-id lekensteyn

Obviously, this is not going to work if they're behind a NAT router or have a personal firewall configured. So, is there something like:

sshd --accept-help-from lekensteyn

I'm not looking for alternatives like Teamviewer, just a shell like SSH. It should be open-source too.

Answers

Only authorized users can answer the question. Please sign in first, or register a free account.

ligenvirt

Add To Favorites

Follow

Total Points: 238

Total Questions: 98

Total Answers: 100

Location: Senegal

Member since Fri, Aug 21, 2020

4 Years ago

ligenvirt questions

1 Ubuntu Server 20.04.3 LTS won't boot after installation

Tue, Aug 17, 21, 02:28, 3 Years ago

1 How can I customize my GTK theme?

Thu, Sep 23, 21, 17:55, 3 Years ago

1 20.04 vs 20.10 and backup questions

Mon, Oct 18, 21, 03:34, 3 Years ago

1 Files exist, but "cannot open shared object file: No such file or directory" 20.04

Sun, Feb 26, 23, 22:34, 1 Year ago

1 I have python 3 installed on both apt and snap - should I remove one of them?

Fri, Jul 29, 22, 05:03, 2 Years ago

View All

answered 3 Years ago eving · Accepted Answer

If your own computer can accept SSH connections, there is a way to use the technique that Pavlos G. linked to without an extra computer.

You first need an underprivileged* user that your friend will connect as:

sudo adduser reverse --shell /bin/false

Tell your friend to start the tunnel:

ssh -N -R 62222:localhost:22 reverse@lekensteyns-server

Then, on your own computer (lekensteyns-server), start the reverse connection:

ssh -p 62222 localhost

* I don't know enough about security to be able to advise on creating a suitably underprivileged user. That's probably something that should be covered in a separate question.