(orth.uk)

319 points SpaghettiX | 1 comments | 10 Feb 22 09:18 UTC | HN request time: 0.286s | source

Show context

marginalia_nu ◴[10 Feb 22 11:18 UTC] No.30284730[source]▶

> Each port is also limited to a single machine, so you'd have to choose a different port for a different machine.

I would probably set up one gateway machine, and then from that machine log into other machines on the network; instead of exposing them all to the Internet. SSH allows you to chain logins thus:

  ssh -A -t user@public-gateway ssh -A -t user2@server-behind-dmz

It's a lot less work to lock down one machine really tight enough to expose them to the public Internet than to do it on the entire network.

replies(4): >>30284739 #>>30285263 #>>30285565 #>>30286600 #

1. neurostimulant ◴[10 Feb 22 14:38 UTC] No.30286600[source]▶

>>30284730 #

Unfortunately it doesn't work if you're behind a NAT due to shitty ISP, like me. I use AutoSSH instead to expose my local machine's ssh port on a high port in the gateway machine: `autossh -M 0 -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -v -N -R 22222:localhost:22 user@my-vps-domain`

ServerAliveInterval 30 is important because my ISP often drop idle connections, often not even 1 minute idle. Can probably tweak it to listen to a localhost only port instead of exposing them to internet.

↑

SSH into private machines from anywhere using Cloudflare Tunnel