Setting up server to connect using SSH over the internet (Ubuntu 14.04)

Posted on


I am trying to set up a local server to be accessible from outside of the local network. I am new to this concept and a little unsure as to what to do.

At the moment I access the computer using: ssh user@192.168.X.X.

I would like to set this server up to be accessible from outside of the local network.

I have been reading about networking including TCP/IP and IP addresses etc however I find myself unsure how to actually make it happen.

I am using Ubuntu 14.04 LTS and have a public IP. Behind the router there is a LAN network of 4 windows computers and a linux server which runs MySQL server.


To use SSH to your server via the internet :

  1. On your computer : You need to open port 22 in the firewall.
  2. On the router : You need to forward port 22 to you at 192.168.X.X.
    Note that you can open a non-standard port on the router, for example 500,
    then forward it to port 22 on your computer, for safety reasons.
    You will then connect SSH to port 500 while your computer will be listening
    on the standard port 22.
  3. Find out the external IP address of the router by, for example, visiting
  4. If your external IP address is not static (that depends on your ISP),
    you will need to give your router a DNS name. You will need to get an account
    with some Dynamic DNS supplier that is supported by your router,
    so that the router will automatically update its IP address with the
    supplier every time it boots. You will then connect to your computer using the
    DNS name, whose format depends on the supplier, for example
    If the DNS supplier is not supported by the router, you will need to either
    manually update it yourself every time it boots or setup ddclient.

Much more information can be found via Google. For example the article :
Dynamic Dns and Remote ssh and VNC.

For more specific answers, we need to know your router model. As you can access the ssh-server on your local lan you can access it over the internet if you configure your router the right way.

The feature is named different on different router, but basically you need to configure the firewall to allow connections on port 22 from your public ip, an then forward the traffic to your local server. This could be named DNAT or Port Forwarding, and on some router the firewall rule is created automatically.

As a side node consider installing fail2ban for your ssh-deamon. Your server will be probed for access, and with fail2ban you limit this activity.

Leave a Reply

Your email address will not be published. Required fields are marked *