47

I want to access my home computer from work through SSH, but the problem is my home computer is behind a NAT router (which I don't have access to). Because my work computer has a CentOS installed and is behind a proxy, I couldn't use TeamViwer (TV is ported on Linux with wine, and apparently proxy settings won't work).

Does anyone has knowledge of a program that would suit my needs?

Thanks, Claudiu

Claudiu
  • 2,124
  • 4
  • 26
  • 36
  • 2
    "Can anyone recommend a program" questions belong on superuser. – Ben Voigt Mar 28 '11 at 22:23
  • http://www.plugcomputer.org/plugforum/index.php?topic=1897.msg11314#msg11314 –  Oct 31 '11 at 10:46
  • I think tmate is tool that you are looking for, check out my answer. – valentt Sep 10 '15 at 10:39
  • I fxxking love this post. Solve my problem! You guys are really fxxking smart! Both tmate and hamachi worked! The tmate is a good way for fast sharing. hamachi will be very stable. If you want to use SSH, once you done the Linux installation, using 'ifconfig' to check the IP address under 'ham0' section, which is not an 'internal' IP address that is amazing. – Samo Jerom Mar 08 '17 at 15:34

9 Answers9

43

I have been looking for same thing and have found two tools!

  • tmate - instant terminal sharing
  • GoTTY - Share your terminal as a web application

tmate: When you start tmate in your terminal it will create a ssh link that you can share with another party that you wish to allow connecting to your terminal session. Another party just needs to have ssh installed.

Works through NATs without a problem, no 3rd party tool is needed.

tmate ssh links look like this:

ssh 6wfUwfzXF77x6vSapQAb5Q81q@fk1.tmate.io

Just install tmate on your system, there are packages in official repositories for almost all major distros (Fedora, Debian, Arch, Ubuntu...)

Also, tmate is open-source and allows you to set up and use your own server if you later decide to avoid using any 3rd-party service.

GoTTY: Share any terminal app you wish and the other party doesn't even need to have ssh, but you need to sort out port forwarding if you are behind a firewall and NAT.

finnan
  • 330
  • 2
  • 7
valentt
  • 857
  • 8
  • 19
  • Thanks. I have tried tmate. tmate can works behind NAT and firewall. It works at non-GUI mode. It is a good alternative of teamviewer in linux non-GUI mode for me. – Nick Dong Jan 23 '17 at 17:11
  • Since `tmate` has not been updated actively recently. I suggest trying [ngrok](https://ngrok.com/) which I am using personally. Just use it to expose the ssh service by `ngrok tcp 22`. – taper Aug 17 '18 at 16:33
  • @taper ngrok is commercial software with paid plans. Unfortunately, you can't freely run your own server with `ngrok` like you can with tmate, as they state: "You may license a dedicated installation of the ngrok server cluster for commercial use. You provide us with keys to an AWS account and we will install the server cluster software into that account." It also features dedicated support and seems to be more suitable for commercial use rather than home/education. – finnan Mar 23 '21 at 00:49
  • 1
    @taper [tmate](https://tmate.io/) was updated in Nov 2019, they added named sessions with help of API keys and foreground mode with `tmate -F`. Also, I see a commit in their github a couple of days ago. Hope they will make a new release soon. – finnan Mar 23 '21 at 00:56
5

From the sounds of it, there's no particular "application" that's going to solve your problem, it's more of a networking issue - your home computer is behind NAT and your work computer is behind a proxy (http or socks).

So you need a third computer - preferably running Linux or BSD - call it "third-pc". A cheap Linux vps hosting is probably the best way to go.

From your work computer, you can use "connect" in your ssh configuration to tunnel through the proxy to "third-pc" - see http://bent.latency.net/bent/git/goto-san-connect-1.85/src/connect.html.

For example, here is an entry I have in my ~/.ssh/config:

Host foo.dyndns.org
    User sonia
    Port 443
    ProxyCommand connect -H 1.2.3.4:8080 %h %p

(Using port 443 is a common way to get around http proxies).

From your home computer, you can use "autossh" to setup a persistent tunnel to "third-pc" - see http://www.harding.motd.ca/autossh/ and http://www.linux.com/archive/feature/134133

From your work computer, you can then ssh up to "third-pc", then back down the autossh tunnel to your home computer.

Sonia Hamilton
  • 4,229
  • 5
  • 35
  • 50
  • 1
    Well, I thought of that, but I would like to solve the problem setting up my "third-pc". That's why I sought software like TeamViewer, because the connection goes through their own servers and I don't have the burden of the extra configuration, and I don't have to pay for that extra pc :P – Claudiu Mar 28 '11 at 14:40
  • The OP is asking for something like teamviewer (using some kind of router traversal software), not setting the router – ChrisAdmin Jul 14 '16 at 09:52
4

[1] Tool itself - i'd recommend taking look at jrdesktop [ http://jrdesktop.sourceforge.net/ ]; though not very active project and not particualry suited for modem-like connections, it is stable, reliable, multiplatform and works fine.

[2] Both jrdekstop and ssh, while not doing NAT-transversal (like Hamachi - so called zero configuration VPN; be sure to check this one! https://secure.logmein.com/products/hamachi2/), have options like "reverese connection" that you might find useful.

Once you establish such VPN between machines, you are free to use ssh,X,RDP,jrdesktop,VNC and other tools of your choice as you would in normal LAN. If you don't trust third party "transversal provider", I heared that it's relatively easy to write your own counterpart to such software (still, at least one of machines must be public, or both NAT-ed must have temporary access to public third machine).

Also, people at serverfault.com might offer better insights.

PMD
  • 64
  • 3
  • 1
    Hm, from what I can see, Hamachi is not for Linux distributions...jrdesktop also doesn't work, because it's only wor LANs, but going on their site I found the solution for me :D it's called Firnass, it's basically the same concept as jrdesktop, but it isn't restricted to working on LANs. It looks to be in incipient form right now, but anyway, it works. Thanks! – Claudiu May 23 '11 at 15:43
  • You're welcome ! I am 100% positive, that there's Hamachi2 available for Linux platforms as well. It's command line version only and also beta stage, but still - it is ! https://secure.logmein.com/US/labs/ – PMD Aug 08 '11 at 22:55
3

You could also use an alternative like Robo-TiTO. This make your server accessible by Jabber chat, (GTalk/Hangouts) for example. It is a pretty simple and straight-forward terminal access. I've been using for a few years. I usually open a reverse SSH tunnel with it and after that it is just a proper SSH access.

formigarafa
  • 377
  • 1
  • 11
  • Seems a nice idea, but I couldn't find much documentation on how to configure it and such... – Claudiu May 23 '11 at 15:58
  • 2
    Update: I have managed to get jabber-shell to work, for anyone having problems with that, here are the steps: 1)install the required packages (ruby, rubygems and the bundler gem); 2) edit config/credentials.example.rb with info from newly created bot account (I used Gmail) and save it as credentials.rb;also be sure to put your gmail account name in the AllowedUsers vector. 3) add the bot to your friends list; 4) start the program with ./jabbershd start; 5) send commands to the bot from a gtalk window and it will respond :) – Claudiu May 26 '11 at 05:32
  • At this time, the githib link https://github.com/formigarafa/jabber-shell is gone (404 error) – knb Mar 06 '12 at 22:30
  • 2
    I've changed jabber-shell name. Now, it's called Robotito and can be found at https://github.com/formigarafa/robotito . Sorry about that, but I changed to avoid confusion, there is other projects with similar names. – formigarafa May 25 '12 at 08:09
2

Remote shell access:

  • Teleconsole - Command line tool to share your UNIX terminal and forward local TCP ports
  • Tmate - Instant Terminal Sharing

Remote GUI access over SSH:

  • Xpra - multi-platform screen and application forwarding system "screen for X11"
Onlyjob
  • 5,692
  • 2
  • 35
  • 35
1

If you only need an ssh connection, you can spend 2.99$/month to buy a cheap vps, and use reverse ssh or ngrok to logging your computer behind NAT.

hailinzeng
  • 966
  • 9
  • 24
0

I don't know if you mean you don't have external-net remote management of your home router, or if someone else keeps the password, but, if you can get access to your router you should likely be able to set up port forwarding so that when you ssh to the public-facing ip of the router, it will automatically send all ssh traffic to a box on the inside network.

Unless your ISP is doing something dastardly with carrier-grade NAT, that should work just fine.

Alternatively, you should be able to connect from home to your work machine via ssh and create a tunnel so that you can shell to your work machine and then grab the session between home and work.

BadFileMagic
  • 701
  • 3
  • 7
  • 1
    It's not my home router, I am actually behind my ISP's NAT router so I can't do any configurations. (I know, ISP's usually give public addresses, but it's a complicated situation) – Claudiu Mar 28 '11 at 14:48
0

NX uses ssh transport. NoMachine distributes both free and premium versions of the tool, and there's also freenx.

Ben Voigt
  • 277,958
  • 43
  • 419
  • 720
-2

You might be able just to use X forwarding with ssh -X host or ssh -Y host and just open graphical applications. Or you set up a VNC server that you could tunnel trough SSH as well.

Martin Ueding
  • 8,245
  • 6
  • 46
  • 92
  • Well, I don't really need graphical applications, I need only CLI...and SSH won't work because my computer is in a private network.But I will try VNC when I get home, I hope it will get over the proxy too :) – Claudiu Mar 28 '11 at 11:54