> The key here, though, is "I have port 22 forwarded to it", right? > Without that step, ssh'ing to the machine behind the router / modem > isn't possible, right? That also was my understanding, which it > would be nice to confirm. > > -- > -- blm Correct. You have to log onto your router and enable port forwarding. Assign your computer a static internal (i.e. 192) IP, and then port forward any incoming traffic on port 22 to that IP. You are correct that you cannot route to a 192 IP directly. It is a non-routable IP (from the web - i.e. not a public IP) hence why it provides a home system with an added layer of protection. Anyone wishing to get to it from the Internet MUST first go through the router in front of it which has your public IP assigned by the ISP. And then use a service such as DYNDNS to get one of their domain names (i.e. whatever.homelinux.com) and configure your router to update DYNDNS whenever your IP changes. If your router cannot do that, there are some Linux tools that will do it (DYNDNS will suggest some). This way you ssh to user@xxxxxxxxxxxxxxxxxxxxxx (putting in the appropriate username and domain name of course). I do this at work all the time and it works great. Other consideration will be to disable root login (so someone can't ssh as root and get su control of your box - note this appears to be case sensitive. I had "No" in my config file and it wouldn't accept it, had to be "no"), and even consider using a key instead of a password challenge (best to have the key on a thumb drive that you keep with you instead of putting it on your office computer for anyone to copy/use). But I wouldn't worry about that one right away. Get it to work as normal password login first. Then check out openssh documention on the web to figure out how to tweak it. Jacques B.
