Redirecting SSH

YunoHost version: 11.1.21.4 (stable)
I have access to my server : Through SSH | through the webadmin

Hi.

My Yunohost server at home uses a public IP address from a VPN.
On a second machine I have installed something else, which is publicly available through the Yunohost Redirect app.

What should I do to SSH into this second machine from the Internet?

Thank you!

I guess choosing two different SSH ports (which you can change from YunoHost’s webadmin) and redirecting those ports from your router to the appropriate machines.

The thing is I cannot redirect ports from my router. My Yunohost server is in a VPN.

I was wondering if there is any redirect I could do from the Yunohost server.

Maybe I didn’t explain properly.

The public IP address of my Yunohost server is in the VPN, not in my home router - I did so to have a working email server.

So in my home router I cannot do that kind of port-forwarding because the router just sees VPN-encapsulated traffic to my Yunohost server.

SSH to your YunoHost server and from there SSH to your other machine using its local IP.

Yes, thanks, ssh jumping would be a solution too, but I forgot to mention another requirement (apologies): because of administration policies, it requires independent access.

I guess I will have to configure another VPN connection to the second machine.

If server 1 is behind a VPN then server 2 can be reached using a port forwarded in the router. Try it and if you get an error, share it.

This is the setup: I configured a VPS on an external provider as a “VPN server”. Then I configured server 1 (my Yunohost server) as a “VPN client”. That way server 1 can use the VPS public IP address.

So I think I cannot do a port redirect in the router because all traffic (any port) to server 1 is VPN-encrypted; that is, the router cannot see traffic sent to server 1.

I guess another solution could be to play with iptables on the Yunohost server (server 1) to make it be the one forwarding ports to server 2.

However, as I would like to keep the Yunohost server’s configuration as standard as possible (in order to avoid future headaches), I guess I will go for the option of configuring a VPN client on server 2.

I think the suggestion was to leave server 1 and the VPN out of it altogether. If you set up a port forward on the router for traffic from port 22 (or whatever port you would like server 2 to use for SSH), when you SSH to the externally-facing IP address of the router it will connect you to server 2. This type of forward will have no impact on server 1 since it is using a VPN (which uses a separate port number for all traffic).

If you want to rope server 2 into the VPN like you mentioned, you certainly can but it is not needed.

I don’t have any static public IP address to reach the SSH service of server 2. I do have a static public IP address (the one on the VPS) to reach the web service of server 2 (done through server 1 Yunohost Redirect), and I have a DNS record pointing to it.

So, yes, I think I could do port forwarding to SSH into server 2, but only if I add a different DNS solution just for the SSH service, like DDNS.

Edited the message above, it had a mistake.

And if you install a VPN server on your YunoHost and connect server 2 to it, change its SSH port to 5555 (for example) and allow this port in the YunoHost firewall (in the webadmin).
Another thing, why not use the same VPN for both servers?

Yes, that is what I suggested as my favorite option: Having server 2 as another VPN client (and isolating VPN clients through firewall so that they cannot talk to each other).

Hope it won’t break the redirect :roll_eyes:

I did it, it works.
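
Added example, not part of the thread: a sketch of the option discussed above (server 2 as a second VPN client, with VPN clients isolated from each other by the firewall), written as a shell function that prints `iptables` commands for the VPN server so they can be reviewed before being run. The interface names `eth0` and `wg0`, the address `10.8.0.3` and the helper names are assumptions; port 5555 is the example port from the thread.

```shell
#!/bin/sh
# Added example: prints, but does not apply, iptables commands for the VPN
# server (the VPS). Interface names and addresses are assumptions.

valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;          # reject empty or non-numeric input
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4_chars() {
    case "$1" in
        ''|*[!0-9.]*) return 1 ;;         # only digits and dots may reach the rules
    esac
}

# emit_rules WAN_IF VPN_IF SERVER2_VPN_IP SSH_PORT
emit_rules() {
    wan_if=$1; vpn_if=$2; ip=$3; port=$4
    valid_port "$port" || { echo "invalid port: $port" >&2; return 1; }
    valid_ipv4_chars "$ip" || { echo "invalid address: $ip" >&2; return 1; }
    cat <<EOF
iptables -I FORWARD 1 -i $vpn_if -o $vpn_if -j DROP
iptables -t nat -A PREROUTING -i $wan_if -p tcp --dport $port -j DNAT --to-destination $ip:$port
iptables -A FORWARD -i $wan_if -o $vpn_if -p tcp -d $ip --dport $port -j ACCEPT
iptables -A FORWARD -i $vpn_if -o $wan_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Rule 1 is inserted at the top of FORWARD so that traffic between VPN
# clients is dropped before any broader ACCEPT rule already on the server.
# Rules 2-4 expose only server 2's SSH port on the public address and let
# the replies back out. IP forwarding must already be enabled on the server.
if [ "${1:-}" = "--print" ]; then
    emit_rules eth0 wg0 10.8.0.3 5555
fi
```

Running the script with `--print` shows the four commands for the constructed values. Any port that is forwarded to server 2 this way is no longer forwarded to server 1, so it has to be one that server 1 does not use.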