Remote_ssh_setup
How I Setup Remote SSH Access Using IPv6 (No Port Forwarding Needed)
Introduction:
what is Remote SSH Access?
Remote SSH access refers to the ability to securely connect to and control a remote computer or server over a network using the Secure Shell (SSH) protocol. Let me tell why we need this:
Most of the people wanted to access their personal linux/window/macos machine remotely. In my case, i need to do bug bounty hunting in my college labs, where our personal laptops are not allowed……. “TBH college lab periods are waste of time in my college”. So i got an idea why can’t i do bug bounty hunting by sitting here, but i need my kali machine which contains all my essential tools and files where i noted down gathered information. That problem made me to think out of the box, so i started to setup my remote ssh access.
why didn’t i accessing using ipv4?
Most internet connections today use private IPv4 addresses behind a NAT (Network Address Translation) setup.This means:
- Our home or college router assigns a private IP like 192.168.X.X or 10.X.X.X, to our machine(kali linux in my case) That private IP is not routable over the public internet
- The router itself has only one IP address which shares to all connected to devices among the Network.
- So, when someone tries to connect to your system using IPv4 from outside your network, the request stops at your router it doesn’t know which device inside to forward it to unless you configure port forwarding
But the actual problem raises here
So i thought we can set up using port forwarding, It also need a static public IP, (public Ip is different from private IP). Most ISPs today use CGNAT to save IPv4 addresses because they’re running out.Here’s what happens:
Your router is behind another layer of NAT at your ISP’s side.
So, your home’s public IP is actually shared with hundreds of other customers.
That means even if you open ports in your router (port forwarding), the ISP’s NAT layer still blocks external connections, because you don’t truly own that public IP.
To overcome this Problem they introduces IPv6, which would be unique through out globe.
Duckdns.org
We understood that we need a public IPv6, which can be found in whatismyipaddress. But it is very difficult to remember our public IPv6. To solve this problem we can use duckdns, which can assign public IPv6 to our required domain name(It is totally free) eg: example.duckdns.org will be our domain. So we need to remember our domain, It’s that simple guys………..
Setting up ssh remote access.
To setup we need to install OpenSSH server on our device, command to install on linux machine:
sudo apt update
sudo apt install openssh-server -y
Then check the SSH service status:
sudo systemctl status ssh
if it’s not running
sudo systemctl enable ssh
sudo systemctl start ssh
After installing openSSH, it’s essential to configure it correctly for remote access and security purposes
Open the SSH configuration file:
sudo nano /etc/ssh/sshd_config
/etc/ssh directory contains the ssh_config and sshd_config files, don’t confuse about them. In essence, ssh_config dictates how your machine connects to other SSH servers, while sshd_config dictates how your machine accepts connections from other SSH clients.
If Your using password-based login then:
PasswordAuthentication yes
If your using SSH key authentication:
PasswordAuthentication no
PubkeyAuthentication yes
If you want root login for setup(risky):
PermitRootLogin yes
Remember: Make sure to restart your ssh after making any changes to your sshd_config file
sudo systemctl restart ssh
Check SSH is listening on port 22
sudo ss -tulpen | grep ssh
you should see something like this:
tcp6 LISTEN 0 128 :::22 :::* users:((“sshd”,pid=xxx,fd=3))
Get your IPv6
Now get your IPv6 from terminal or from whatismyipaddress.
Finally
From your external machine(with IPv6 connectivity) execute this command:
ssh -6 Your_username@<your_IPv6_address>
OR
ssh -6 Your_username@<Your_duckdns_domain>
Example: ssh -6 unibik@2405:204:xxxx:xxxx::123
Or if you use duckdns(highly recommanded)
Example: ssh -6 unibik@example.duckdns.org
To access ssh remotely 24/7 your host machine should always be connected to internet. If your host machine goes into sleep mode or suspened, we cannot access it.
conclusion
Finally i have setup remote SSH access using IPv6 which made to learn about SSH,CGNAT,NAT,Port forwarding,config files etc. So after settting up i used to learn and do bug bounty hunting from my college labs without knowing to faculty members.
If any of my faculty members are reading this excuse me for that :)