How to SSH into a server that is outside the campus network

From Metakgp Wiki
Jump to navigation Jump to search


Note: For this guide, we will assume that SERVER is the IP Address of the server you want to SSH into. USER is the name of your username. You need to have the package openssh-client installed on your computer, and the package openssh-server on your server. You need appropriate user access on SERVER so that you can edit files inside the privileged '/etc' folder.

You can only SSH to servers that have their SSH Daemon listening on the port 443. Port 22 (default) is blocked on the campus network, and can't be used to SSH.

  1. Remote servers usually don't listen to port 443 by default, to change that you need to ssh into the server and change the setting. Hence you temporarily need an internet connection that doesn't have any port restrictions.
    1. A common method to do this is to use mobile data on your phone, and start a hotspot, once done, you will have complete Internet access. If your server provider provides a web console access, you can use that to add make the following changes too. Also see the next section.
    2. Another method to achieve this would be to SSH into a server that you have configured with this guide before, and then SSH from that server into USER@SERVER
  2. With the unrestricted connection SSH normally into your server (ssh USER@SERVER). On your server, edit the file /etc/ssh/sshd_config, and add Port 443 in a new line after Port 22
  3. Now, save the file, and restart the ssh daemon. Depending on your system, there might be several ways to restart a service. For instance,
    1. 'sudo service ssh restart' (Ubuntu based systems)
    2. Using the administrator console of your server provider (AWS Console or Digital Ocean Droplets)
  4. Now, turn off the mobile data and hotspot setup, and reconnect to the Institute WiFi or LAN
  5. Install corkscrew ('automake --add-missing' followed by 'autoreconf' followed by './configure' followed by 'make' and finally 'make install')
  6. Inside the file ~/.ssh/config add the following lines, at the top of the file :
    Host myserver
        User myuser
        Hostname myserver.com
        ProxyCommand corkscrew 172.16.2.30 8080 %h %p
        IdentityFile /home/user/.ssh/id_file
        port 443
    Note: You will have to replace the values of User, Hostname and IdentityFile appropriately
    Note: Remove the line with IdentityFile if you want to login using password instead of SSH keys
  7. If you are connecting an AWS server, please add HTTPS Port 443 to inbound rules of your chosen security group.
  8. Now you can SSH into the remote server from institute's network by executing ssh myserver

Configuring Amazon AWS

If you have an Amazon AWS instance, you can allow the 443 port access by changing the inbound traffic rules in the instance management console. For instance, allowing the HTTPS traffic (through port 443) from IIT Kharagpur's IP or globally (0.0.0.0) should allow you to access the server directly.

See Also

External Links