Connect two computers with SSH in a home LAN
I have two ubuntu computer shared the same wifi and desire to reach another from one's terminal.
First create an user on the second computer named "Second" and hostname "Algorithms"
Then tried to reach it from the other with SSH,
but get error report as
$ ssh second@Algorithms
ssh: Could not resolve hostname algorithms: nodename nor servname provided, or not known
The solution I tried is based on networking - Reach other computer from the local - Ask Ubuntu
What's the problem with my experiment?
networking
add a comment |
I have two ubuntu computer shared the same wifi and desire to reach another from one's terminal.
First create an user on the second computer named "Second" and hostname "Algorithms"
Then tried to reach it from the other with SSH,
but get error report as
$ ssh second@Algorithms
ssh: Could not resolve hostname algorithms: nodename nor servname provided, or not known
The solution I tried is based on networking - Reach other computer from the local - Ask Ubuntu
What's the problem with my experiment?
networking
it prompt: ssh: connect to host algorithms.local port 22: Connection refuse @user68186
– user10726006
2 days ago
thank you. Your comment clicks with me. Could you please transmit the comment to answer. @user68186
– user10726006
2 days ago
I am writing an answer.
– user68186
2 days ago
add a comment |
I have two ubuntu computer shared the same wifi and desire to reach another from one's terminal.
First create an user on the second computer named "Second" and hostname "Algorithms"
Then tried to reach it from the other with SSH,
but get error report as
$ ssh second@Algorithms
ssh: Could not resolve hostname algorithms: nodename nor servname provided, or not known
The solution I tried is based on networking - Reach other computer from the local - Ask Ubuntu
What's the problem with my experiment?
networking
I have two ubuntu computer shared the same wifi and desire to reach another from one's terminal.
First create an user on the second computer named "Second" and hostname "Algorithms"
Then tried to reach it from the other with SSH,
but get error report as
$ ssh second@Algorithms
ssh: Could not resolve hostname algorithms: nodename nor servname provided, or not known
The solution I tried is based on networking - Reach other computer from the local - Ask Ubuntu
What's the problem with my experiment?
networking
networking
edited 2 days ago
user68186
15.4k84667
15.4k84667
asked 2 days ago
user10726006user10726006
903
903
it prompt: ssh: connect to host algorithms.local port 22: Connection refuse @user68186
– user10726006
2 days ago
thank you. Your comment clicks with me. Could you please transmit the comment to answer. @user68186
– user10726006
2 days ago
I am writing an answer.
– user68186
2 days ago
add a comment |
it prompt: ssh: connect to host algorithms.local port 22: Connection refuse @user68186
– user10726006
2 days ago
thank you. Your comment clicks with me. Could you please transmit the comment to answer. @user68186
– user10726006
2 days ago
I am writing an answer.
– user68186
2 days ago
it prompt: ssh: connect to host algorithms.local port 22: Connection refuse @user68186
– user10726006
2 days ago
it prompt: ssh: connect to host algorithms.local port 22: Connection refuse @user68186
– user10726006
2 days ago
thank you. Your comment clicks with me. Could you please transmit the comment to answer. @user68186
– user10726006
2 days ago
thank you. Your comment clicks with me. Could you please transmit the comment to answer. @user68186
– user10726006
2 days ago
I am writing an answer.
– user68186
2 days ago
I am writing an answer.
– user68186
2 days ago
add a comment |
3 Answers
3
active
oldest
votes
ssh
within a home Local Area Network (LAN)
I assume there are two users each with their own computers running Ubuntu.
user1
usescomp1
and
user2
usescomp2
.
The goal is for user1
to remotely access comp2
using user2
's account in comp2
.
Note: If user1
has an account in comp2
and user1
wishes to access her account in comp2
from comp1
then she she does not have to specify the username in the ssh command. ssh comp2.local
will work.
Setup ssh
server in comp2
For this you will need to physically go to comp2
and login to it using an account with administration privileges. I assume that is, user2
account.
Install the ssh
server
Desktop Ubuntu does not come with any servers. To ssh
into comp2
you will first need to install the openssh-server
. Open a terminal in comp2
by pressing Ctrl+Alt+T and enter the following lines one at a time:
sudo apt update
sudo apt install openssh-server
You will be asked for user2
's password. When you type the password the cursor will not move and it will seem like nothing is happening. This is normal. Hit Enter after typing the password. Then follow the instructions.
Once openssh-server
is installed you will see a new options in Settings under sharing called "RemoteLogin" and it will be "On":
The standard Ubuntu desktop does not come with any firewalls installed. If you have a firewall installed then make sure it allows connections to port 22 from within the LAN. The instructions will depend on the specific firewall software.
Test ssh
locally
Still at the terminal of comp2
test that ssh
is working. Enter the command:
ssh 127.0.0.1
The 127.0.0.1
refers to the IP address of the computer you are using. In other words, you are trying to ssh from comp2
to comp2
. If all goes well you will be asked if you are sure you want to connect and then for your password. Once you answer yes
for being sure and enter the password for user2
you will see the terminal prompt change from user2@comp2$
to user2@127.0.0.1$
. This shows that you have successfully sshed from comp2
to itself.
Note: Since the same user (user2
) is ssh-ing in this case, you don't need to specify ssh user2@127.0.0.1
in the ssh command.
ssh
from comp1
To ssh
from comp1
to comp2
you can either use the computer name (hostname) or its IP address. To find the IP address of comp2
use the ifconfig
command in the terminal of comp2
. You will see an address like 192.168.x.y
, where x
can be 0
or 1
and y
can be any number between 2
and 255
.
Form a terminal in comp1
enter either:
ssh user2@comp2.local
or
ssh user2@192.168.x.y
Note: If you use the name of the computer then you must add .local
at the end. If you use the local IP address, it may change from time to time if a fixed address is not assigned.
Security concerns
- Router setup
- Enable public key based authentication and disable password based authentication.
- Install and configure a firewall
1. Router setup
Make sure port 22 is not forwarded to any computers in the home router. This will prevent anyone from outside the home LAN use ssh to connect to the home computers.
The instructions are router specific and beyond the scope of this answer as it has nothing to do with Ubuntu.
2. Enable public key based authentication and disable password based authentication
This is more secure way to use ssh. It uses a private-public key pair. The private key remains in the trusted computer from which the ssh connection is made. In this case comp1
. The public key goes to comp2
. Once the keys are in place, you will disable password based authentication in the ssh server in comp2
. If you disable password based authentication without making sure the key based authentication is working, then ssh will not work, as there will be no way to authenticate the remote user.
First generate the private-public key pair in the user1@comp1
. This will need to be done at each user and each local computer from where you ssh to another computer. In a terminal enter:
ssh-keygen -t rsa -b 4096
The process will prompt you for a passphrase. You can hit enter if you don't want one. If you do enter a passphrase, you will be asked for it every time you ssh from comp1
to comp2
. If you use a passphrase it should not be same as the password used for normal login.
Next you will need to copy the public key from comp1
to comp2
. In the terminal in comp1
enter:
ssh-copy-id user2@comp2.local
You will be asked to enter the login password of user2
in comp2
. If you have other computers in the home LAN you want to ssh to from the user1@comp1
then you need not create a new key-pair. Copy the public key of user1@comp1
to the other user accounts in the other remote computers using the above command.
Once the public key is successfully copied to the user2
account of comp2
try to ssh again:
ssh user2@comp2.local
Now you should be able to get into comp2
without user2
's password. At this point one can either use the password or the public key you generated to log in. You can test this by creating a new user (or with an existing second user) in comp1
, such as user1a
. At this stage user1@comp1
will be able to ssh to user2@comp2
without password using the public key. On the other hand user1a@comp1
will be able to ssh to user2@comp2
will need to use the password of user2
.
The next step is to disable the password based authentication. You may want to do this locally in a terminal of comp2
. Use the following command to edit /etc/ssh/sshd_config
sudo nano /etc/ssh/sshd_config
Then make sure it contains the following lines and they are uncommented:
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no
Note these lines may not be together. "Uncommented" means there is no #
in front of each of these lines.
Use Ctrl+W to save the changes and Ctrl+X to exit the editor.
Finally, restart the ssh server with the new settings by the following command:
sudo systemctl restart ssh
Now user1@comp1
will still be able to ssh to user2@comp2
without password using the public key. On the other hand user1a@comp1
will get permission denied to ssh to user2@comp2
.
3. Install and configure a firewall
There are many firewall software, and some of them are hard to configure. I suggest you install the "uncomplicated firewall" called ufw
by the command:
sudo apt install ufw
To open the port 22 but only from within the home LAN use the command:
sudo ufw allow from 192.168.x.0/24 to any port 22
Note: replace x
with either 0
or 1
based on your router setup.
This firewall setting in comp2
stops anyone from outside the home LAN use ssh to connect to comp2
. However, it allows anyone (using any computer) within the home LAN try to ssh into comp2
. If comp2
is removed from home and taken somewhere else and connected to another "similar" network, say by WiFi, all the computers in that network will be allowed to access port 22 of comp2
by this firewall setting. For this reason I recommend password based authentication to be disabled and private-public key based authentication be used in all computers running the ssh server.
Hope this helps
1
+1 but I have three laptops. Suggest changing "desktop computers" to "machines" for broader audience.
– WinEunuuchs2Unix
2 days ago
@WinEunuuchs2Unix Thanks for pointing this out. I have edited the text and removed "desktop". I prefer "computers" to "machine". I have also mentioned the OS (Ubuntu) to make it clear that it is not Windows to Ubuntu or Ubuntu to Windows kind of answer. On second thought, The answer works for Windows with WSL or native ssh client as well.
– user68186
yesterday
appreciate it very much your elaborate instruction. What do you mean "Make sure port 22 is not forwarded to any computers in the home router." the forward here is the forward in "forward an email"
– user10726006
21 hours ago
@user10726006 Thanks for the appreciation. Feel free to up-vote if not done so already. The "port forwarding" is slightly different from forwarding an email. It is in the router settings. You will have to Google it to know more.
– user68186
10 hours ago
add a comment |
Maybe try to ssh via IP not hostname?
You can check ip using ifconfig
New contributor
add a comment |
Add a string to your /etc/hosts
file like this:
<IP_ADDRESS_OF_YOUR_ALGORITHMS_HOST> algorithms
For example:
192.168.168.168 algorithms
Save /etc/hosts
and try connecting again.
Anyway, as a quick solution, you can always connect directly via IP address:
ssh second@192.168.168.168
New contributor
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "89"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1107987%2fconnect-two-computers-with-ssh-in-a-home-lan%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
3 Answers
3
active
oldest
votes
3 Answers
3
active
oldest
votes
active
oldest
votes
active
oldest
votes
ssh
within a home Local Area Network (LAN)
I assume there are two users each with their own computers running Ubuntu.
user1
usescomp1
and
user2
usescomp2
.
The goal is for user1
to remotely access comp2
using user2
's account in comp2
.
Note: If user1
has an account in comp2
and user1
wishes to access her account in comp2
from comp1
then she she does not have to specify the username in the ssh command. ssh comp2.local
will work.
Setup ssh
server in comp2
For this you will need to physically go to comp2
and login to it using an account with administration privileges. I assume that is, user2
account.
Install the ssh
server
Desktop Ubuntu does not come with any servers. To ssh
into comp2
you will first need to install the openssh-server
. Open a terminal in comp2
by pressing Ctrl+Alt+T and enter the following lines one at a time:
sudo apt update
sudo apt install openssh-server
You will be asked for user2
's password. When you type the password the cursor will not move and it will seem like nothing is happening. This is normal. Hit Enter after typing the password. Then follow the instructions.
Once openssh-server
is installed you will see a new options in Settings under sharing called "RemoteLogin" and it will be "On":
The standard Ubuntu desktop does not come with any firewalls installed. If you have a firewall installed then make sure it allows connections to port 22 from within the LAN. The instructions will depend on the specific firewall software.
Test ssh
locally
Still at the terminal of comp2
test that ssh
is working. Enter the command:
ssh 127.0.0.1
The 127.0.0.1
refers to the IP address of the computer you are using. In other words, you are trying to ssh from comp2
to comp2
. If all goes well you will be asked if you are sure you want to connect and then for your password. Once you answer yes
for being sure and enter the password for user2
you will see the terminal prompt change from user2@comp2$
to user2@127.0.0.1$
. This shows that you have successfully sshed from comp2
to itself.
Note: Since the same user (user2
) is ssh-ing in this case, you don't need to specify ssh user2@127.0.0.1
in the ssh command.
ssh
from comp1
To ssh
from comp1
to comp2
you can either use the computer name (hostname) or its IP address. To find the IP address of comp2
use the ifconfig
command in the terminal of comp2
. You will see an address like 192.168.x.y
, where x
can be 0
or 1
and y
can be any number between 2
and 255
.
Form a terminal in comp1
enter either:
ssh user2@comp2.local
or
ssh user2@192.168.x.y
Note: If you use the name of the computer then you must add .local
at the end. If you use the local IP address, it may change from time to time if a fixed address is not assigned.
Security concerns
- Router setup
- Enable public key based authentication and disable password based authentication.
- Install and configure a firewall
1. Router setup
Make sure port 22 is not forwarded to any computers in the home router. This will prevent anyone from outside the home LAN use ssh to connect to the home computers.
The instructions are router specific and beyond the scope of this answer as it has nothing to do with Ubuntu.
2. Enable public key based authentication and disable password based authentication
This is more secure way to use ssh. It uses a private-public key pair. The private key remains in the trusted computer from which the ssh connection is made. In this case comp1
. The public key goes to comp2
. Once the keys are in place, you will disable password based authentication in the ssh server in comp2
. If you disable password based authentication without making sure the key based authentication is working, then ssh will not work, as there will be no way to authenticate the remote user.
First generate the private-public key pair in the user1@comp1
. This will need to be done at each user and each local computer from where you ssh to another computer. In a terminal enter:
ssh-keygen -t rsa -b 4096
The process will prompt you for a passphrase. You can hit enter if you don't want one. If you do enter a passphrase, you will be asked for it every time you ssh from comp1
to comp2
. If you use a passphrase it should not be same as the password used for normal login.
Next you will need to copy the public key from comp1
to comp2
. In the terminal in comp1
enter:
ssh-copy-id user2@comp2.local
You will be asked to enter the login password of user2
in comp2
. If you have other computers in the home LAN you want to ssh to from the user1@comp1
then you need not create a new key-pair. Copy the public key of user1@comp1
to the other user accounts in the other remote computers using the above command.
Once the public key is successfully copied to the user2
account of comp2
try to ssh again:
ssh user2@comp2.local
Now you should be able to get into comp2
without user2
's password. At this point one can either use the password or the public key you generated to log in. You can test this by creating a new user (or with an existing second user) in comp1
, such as user1a
. At this stage user1@comp1
will be able to ssh to user2@comp2
without password using the public key. On the other hand user1a@comp1
will be able to ssh to user2@comp2
will need to use the password of user2
.
The next step is to disable the password based authentication. You may want to do this locally in a terminal of comp2
. Use the following command to edit /etc/ssh/sshd_config
sudo nano /etc/ssh/sshd_config
Then make sure it contains the following lines and they are uncommented:
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no
Note these lines may not be together. "Uncommented" means there is no #
in front of each of these lines.
Use Ctrl+W to save the changes and Ctrl+X to exit the editor.
Finally, restart the ssh server with the new settings by the following command:
sudo systemctl restart ssh
Now user1@comp1
will still be able to ssh to user2@comp2
without password using the public key. On the other hand user1a@comp1
will get permission denied to ssh to user2@comp2
.
3. Install and configure a firewall
There are many firewall software, and some of them are hard to configure. I suggest you install the "uncomplicated firewall" called ufw
by the command:
sudo apt install ufw
To open the port 22 but only from within the home LAN use the command:
sudo ufw allow from 192.168.x.0/24 to any port 22
Note: replace x
with either 0
or 1
based on your router setup.
This firewall setting in comp2
stops anyone from outside the home LAN use ssh to connect to comp2
. However, it allows anyone (using any computer) within the home LAN try to ssh into comp2
. If comp2
is removed from home and taken somewhere else and connected to another "similar" network, say by WiFi, all the computers in that network will be allowed to access port 22 of comp2
by this firewall setting. For this reason I recommend password based authentication to be disabled and private-public key based authentication be used in all computers running the ssh server.
Hope this helps
1
+1 but I have three laptops. Suggest changing "desktop computers" to "machines" for broader audience.
– WinEunuuchs2Unix
2 days ago
@WinEunuuchs2Unix Thanks for pointing this out. I have edited the text and removed "desktop". I prefer "computers" to "machine". I have also mentioned the OS (Ubuntu) to make it clear that it is not Windows to Ubuntu or Ubuntu to Windows kind of answer. On second thought, The answer works for Windows with WSL or native ssh client as well.
– user68186
yesterday
appreciate it very much your elaborate instruction. What do you mean "Make sure port 22 is not forwarded to any computers in the home router." the forward here is the forward in "forward an email"
– user10726006
21 hours ago
@user10726006 Thanks for the appreciation. Feel free to up-vote if not done so already. The "port forwarding" is slightly different from forwarding an email. It is in the router settings. You will have to Google it to know more.
– user68186
10 hours ago
add a comment |
ssh
within a home Local Area Network (LAN)
I assume there are two users each with their own computers running Ubuntu.
user1
usescomp1
and
user2
usescomp2
.
The goal is for user1
to remotely access comp2
using user2
's account in comp2
.
Note: If user1
has an account in comp2
and user1
wishes to access her account in comp2
from comp1
then she she does not have to specify the username in the ssh command. ssh comp2.local
will work.
Setup ssh
server in comp2
For this you will need to physically go to comp2
and login to it using an account with administration privileges. I assume that is, user2
account.
Install the ssh
server
Desktop Ubuntu does not come with any servers. To ssh
into comp2
you will first need to install the openssh-server
. Open a terminal in comp2
by pressing Ctrl+Alt+T and enter the following lines one at a time:
sudo apt update
sudo apt install openssh-server
You will be asked for user2
's password. When you type the password the cursor will not move and it will seem like nothing is happening. This is normal. Hit Enter after typing the password. Then follow the instructions.
Once openssh-server
is installed you will see a new options in Settings under sharing called "RemoteLogin" and it will be "On":
The standard Ubuntu desktop does not come with any firewalls installed. If you have a firewall installed then make sure it allows connections to port 22 from within the LAN. The instructions will depend on the specific firewall software.
Test ssh
locally
Still at the terminal of comp2
test that ssh
is working. Enter the command:
ssh 127.0.0.1
The 127.0.0.1
refers to the IP address of the computer you are using. In other words, you are trying to ssh from comp2
to comp2
. If all goes well you will be asked if you are sure you want to connect and then for your password. Once you answer yes
for being sure and enter the password for user2
you will see the terminal prompt change from user2@comp2$
to user2@127.0.0.1$
. This shows that you have successfully sshed from comp2
to itself.
Note: Since the same user (user2
) is ssh-ing in this case, you don't need to specify ssh user2@127.0.0.1
in the ssh command.
ssh
from comp1
To ssh
from comp1
to comp2
you can either use the computer name (hostname) or its IP address. To find the IP address of comp2
use the ifconfig
command in the terminal of comp2
. You will see an address like 192.168.x.y
, where x
can be 0
or 1
and y
can be any number between 2
and 255
.
Form a terminal in comp1
enter either:
ssh user2@comp2.local
or
ssh user2@192.168.x.y
Note: If you use the name of the computer then you must add .local
at the end. If you use the local IP address, it may change from time to time if a fixed address is not assigned.
Security concerns
- Router setup
- Enable public key based authentication and disable password based authentication.
- Install and configure a firewall
1. Router setup
Make sure port 22 is not forwarded to any computers in the home router. This will prevent anyone from outside the home LAN use ssh to connect to the home computers.
The instructions are router specific and beyond the scope of this answer as it has nothing to do with Ubuntu.
2. Enable public key based authentication and disable password based authentication
This is more secure way to use ssh. It uses a private-public key pair. The private key remains in the trusted computer from which the ssh connection is made. In this case comp1
. The public key goes to comp2
. Once the keys are in place, you will disable password based authentication in the ssh server in comp2
. If you disable password based authentication without making sure the key based authentication is working, then ssh will not work, as there will be no way to authenticate the remote user.
First generate the private-public key pair in the user1@comp1
. This will need to be done at each user and each local computer from where you ssh to another computer. In a terminal enter:
ssh-keygen -t rsa -b 4096
The process will prompt you for a passphrase. You can hit enter if you don't want one. If you do enter a passphrase, you will be asked for it every time you ssh from comp1
to comp2
. If you use a passphrase it should not be same as the password used for normal login.
Next you will need to copy the public key from comp1
to comp2
. In the terminal in comp1
enter:
ssh-copy-id user2@comp2.local
You will be asked to enter the login password of user2
in comp2
. If you have other computers in the home LAN you want to ssh to from the user1@comp1
then you need not create a new key-pair. Copy the public key of user1@comp1
to the other user accounts in the other remote computers using the above command.
Once the public key is successfully copied to the user2
account of comp2
try to ssh again:
ssh user2@comp2.local
Now you should be able to get into comp2
without user2
's password. At this point one can either use the password or the public key you generated to log in. You can test this by creating a new user (or with an existing second user) in comp1
, such as user1a
. At this stage user1@comp1
will be able to ssh to user2@comp2
without password using the public key. On the other hand user1a@comp1
will be able to ssh to user2@comp2
will need to use the password of user2
.
The next step is to disable the password based authentication. You may want to do this locally in a terminal of comp2
. Use the following command to edit /etc/ssh/sshd_config
sudo nano /etc/ssh/sshd_config
Then make sure it contains the following lines and they are uncommented:
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no
Note these lines may not be together. "Uncommented" means there is no #
in front of each of these lines.
Use Ctrl+W to save the changes and Ctrl+X to exit the editor.
Finally, restart the ssh server with the new settings by the following command:
sudo systemctl restart ssh
Now user1@comp1
will still be able to ssh to user2@comp2
without password using the public key. On the other hand user1a@comp1
will get permission denied to ssh to user2@comp2
.
3. Install and configure a firewall
There are many firewall software, and some of them are hard to configure. I suggest you install the "uncomplicated firewall" called ufw
by the command:
sudo apt install ufw
To open the port 22 but only from within the home LAN use the command:
sudo ufw allow from 192.168.x.0/24 to any port 22
Note: replace x
with either 0
or 1
based on your router setup.
This firewall setting in comp2
stops anyone from outside the home LAN use ssh to connect to comp2
. However, it allows anyone (using any computer) within the home LAN try to ssh into comp2
. If comp2
is removed from home and taken somewhere else and connected to another "similar" network, say by WiFi, all the computers in that network will be allowed to access port 22 of comp2
by this firewall setting. For this reason I recommend password based authentication to be disabled and private-public key based authentication be used in all computers running the ssh server.
Hope this helps
1
+1 but I have three laptops. Suggest changing "desktop computers" to "machines" for broader audience.
– WinEunuuchs2Unix
2 days ago
@WinEunuuchs2Unix Thanks for pointing this out. I have edited the text and removed "desktop". I prefer "computers" to "machine". I have also mentioned the OS (Ubuntu) to make it clear that it is not Windows to Ubuntu or Ubuntu to Windows kind of answer. On second thought, The answer works for Windows with WSL or native ssh client as well.
– user68186
yesterday
appreciate it very much your elaborate instruction. What do you mean "Make sure port 22 is not forwarded to any computers in the home router." the forward here is the forward in "forward an email"
– user10726006
21 hours ago
@user10726006 Thanks for the appreciation. Feel free to up-vote if not done so already. The "port forwarding" is slightly different from forwarding an email. It is in the router settings. You will have to Google it to know more.
– user68186
10 hours ago
add a comment |
ssh
within a home Local Area Network (LAN)
I assume there are two users each with their own computers running Ubuntu.
user1
usescomp1
and
user2
usescomp2
.
The goal is for user1
to remotely access comp2
using user2
's account in comp2
.
Note: If user1
has an account in comp2
and user1
wishes to access her account in comp2
from comp1
then she she does not have to specify the username in the ssh command. ssh comp2.local
will work.
Setup ssh
server in comp2
For this you will need to physically go to comp2
and login to it using an account with administration privileges. I assume that is, user2
account.
Install the ssh
server
Desktop Ubuntu does not come with any servers. To ssh
into comp2
you will first need to install the openssh-server
. Open a terminal in comp2
by pressing Ctrl+Alt+T and enter the following lines one at a time:
sudo apt update
sudo apt install openssh-server
You will be asked for user2
's password. When you type the password the cursor will not move and it will seem like nothing is happening. This is normal. Hit Enter after typing the password. Then follow the instructions.
Once openssh-server
is installed you will see a new options in Settings under sharing called "RemoteLogin" and it will be "On":
The standard Ubuntu desktop does not come with any firewalls installed. If you have a firewall installed then make sure it allows connections to port 22 from within the LAN. The instructions will depend on the specific firewall software.
Test ssh
locally
Still at the terminal of comp2
test that ssh
is working. Enter the command:
ssh 127.0.0.1
The 127.0.0.1
refers to the IP address of the computer you are using. In other words, you are trying to ssh from comp2
to comp2
. If all goes well you will be asked if you are sure you want to connect and then for your password. Once you answer yes
for being sure and enter the password for user2
you will see the terminal prompt change from user2@comp2$
to user2@127.0.0.1$
. This shows that you have successfully sshed from comp2
to itself.
Note: Since the same user (user2
) is ssh-ing in this case, you don't need to specify ssh user2@127.0.0.1
in the ssh command.
ssh
from comp1
To ssh
from comp1
to comp2
you can either use the computer name (hostname) or its IP address. To find the IP address of comp2
use the ifconfig
command in the terminal of comp2
. You will see an address like 192.168.x.y
, where x
can be 0
or 1
and y
can be any number between 2
and 255
.
Form a terminal in comp1
enter either:
ssh user2@comp2.local
or
ssh user2@192.168.x.y
Note: If you use the name of the computer then you must add .local
at the end. If you use the local IP address, it may change from time to time if a fixed address is not assigned.
Security concerns
- Router setup
- Enable public key based authentication and disable password based authentication.
- Install and configure a firewall
1. Router setup
Make sure port 22 is not forwarded to any computers in the home router. This will prevent anyone from outside the home LAN use ssh to connect to the home computers.
The instructions are router specific and beyond the scope of this answer as it has nothing to do with Ubuntu.
2. Enable public key based authentication and disable password based authentication
This is more secure way to use ssh. It uses a private-public key pair. The private key remains in the trusted computer from which the ssh connection is made. In this case comp1
. The public key goes to comp2
. Once the keys are in place, you will disable password based authentication in the ssh server in comp2
. If you disable password based authentication without making sure the key based authentication is working, then ssh will not work, as there will be no way to authenticate the remote user.
First generate the private-public key pair in the user1@comp1
. This will need to be done at each user and each local computer from where you ssh to another computer. In a terminal enter:
ssh-keygen -t rsa -b 4096
The process will prompt you for a passphrase. You can hit enter if you don't want one. If you do enter a passphrase, you will be asked for it every time you ssh from comp1
to comp2
. If you use a passphrase it should not be same as the password used for normal login.
Next you will need to copy the public key from comp1
to comp2
. In the terminal in comp1
enter:
ssh-copy-id user2@comp2.local
You will be asked to enter the login password of user2
in comp2
. If you have other computers in the home LAN you want to ssh to from the user1@comp1
then you need not create a new key-pair. Copy the public key of user1@comp1
to the other user accounts in the other remote computers using the above command.
Once the public key is successfully copied to the user2
account of comp2
try to ssh again:
ssh user2@comp2.local
Now you should be able to get into comp2
without user2
's password. At this point one can either use the password or the public key you generated to log in. You can test this by creating a new user (or with an existing second user) in comp1
, such as user1a
. At this stage user1@comp1
will be able to ssh to user2@comp2
without password using the public key. On the other hand user1a@comp1
will be able to ssh to user2@comp2
will need to use the password of user2
.
The next step is to disable the password based authentication. You may want to do this locally in a terminal of comp2
. Use the following command to edit /etc/ssh/sshd_config
sudo nano /etc/ssh/sshd_config
Then make sure it contains the following lines and they are uncommented:
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no
Note these lines may not be together. "Uncommented" means there is no #
in front of each of these lines.
Use Ctrl+W to save the changes and Ctrl+X to exit the editor.
Finally, restart the ssh server with the new settings by the following command:
sudo systemctl restart ssh
Now user1@comp1
will still be able to ssh to user2@comp2
without password using the public key. On the other hand user1a@comp1
will get permission denied to ssh to user2@comp2
.
3. Install and configure a firewall
There are many firewall software, and some of them are hard to configure. I suggest you install the "uncomplicated firewall" called ufw
by the command:
sudo apt install ufw
To open the port 22 but only from within the home LAN use the command:
sudo ufw allow from 192.168.x.0/24 to any port 22
Note: replace x
with either 0
or 1
based on your router setup.
This firewall setting in comp2
stops anyone from outside the home LAN use ssh to connect to comp2
. However, it allows anyone (using any computer) within the home LAN try to ssh into comp2
. If comp2
is removed from home and taken somewhere else and connected to another "similar" network, say by WiFi, all the computers in that network will be allowed to access port 22 of comp2
by this firewall setting. For this reason I recommend password based authentication to be disabled and private-public key based authentication be used in all computers running the ssh server.
Hope this helps
ssh
within a home Local Area Network (LAN)
I assume there are two users each with their own computers running Ubuntu.
user1
usescomp1
and
user2
usescomp2
.
The goal is for user1
to remotely access comp2
using user2
's account in comp2
.
Note: If user1
has an account in comp2
and user1
wishes to access her account in comp2
from comp1
then she she does not have to specify the username in the ssh command. ssh comp2.local
will work.
Setup ssh
server in comp2
For this you will need to physically go to comp2
and login to it using an account with administration privileges. I assume that is, user2
account.
Install the ssh
server
Desktop Ubuntu does not come with any servers. To ssh
into comp2
you will first need to install the openssh-server
. Open a terminal in comp2
by pressing Ctrl+Alt+T and enter the following lines one at a time:
sudo apt update
sudo apt install openssh-server
You will be asked for user2
's password. When you type the password the cursor will not move and it will seem like nothing is happening. This is normal. Hit Enter after typing the password. Then follow the instructions.
Once openssh-server
is installed you will see a new options in Settings under sharing called "RemoteLogin" and it will be "On":
The standard Ubuntu desktop does not come with any firewalls installed. If you have a firewall installed then make sure it allows connections to port 22 from within the LAN. The instructions will depend on the specific firewall software.
Test ssh
locally
Still at the terminal of comp2
test that ssh
is working. Enter the command:
ssh 127.0.0.1
The 127.0.0.1
refers to the IP address of the computer you are using. In other words, you are trying to ssh from comp2
to comp2
. If all goes well you will be asked if you are sure you want to connect and then for your password. Once you answer yes
for being sure and enter the password for user2
you will see the terminal prompt change from user2@comp2$
to user2@127.0.0.1$
. This shows that you have successfully sshed from comp2
to itself.
Note: Since the same user (user2
) is ssh-ing in this case, you don't need to specify ssh user2@127.0.0.1
in the ssh command.
ssh
from comp1
To ssh
from comp1
to comp2
you can either use the computer name (hostname) or its IP address. To find the IP address of comp2
use the ifconfig
command in the terminal of comp2
. You will see an address like 192.168.x.y
, where x
can be 0
or 1
and y
can be any number between 2
and 255
.
Form a terminal in comp1
enter either:
ssh user2@comp2.local
or
ssh user2@192.168.x.y
Note: If you use the name of the computer then you must add .local
at the end. If you use the local IP address, it may change from time to time if a fixed address is not assigned.
Security concerns
- Router setup
- Enable public key based authentication and disable password based authentication.
- Install and configure a firewall
1. Router setup
Make sure port 22 is not forwarded to any computers in the home router. This will prevent anyone from outside the home LAN use ssh to connect to the home computers.
The instructions are router specific and beyond the scope of this answer as it has nothing to do with Ubuntu.
2. Enable public key based authentication and disable password based authentication
This is more secure way to use ssh. It uses a private-public key pair. The private key remains in the trusted computer from which the ssh connection is made. In this case comp1
. The public key goes to comp2
. Once the keys are in place, you will disable password based authentication in the ssh server in comp2
. If you disable password based authentication without making sure the key based authentication is working, then ssh will not work, as there will be no way to authenticate the remote user.
First generate the private-public key pair in the user1@comp1
. This will need to be done at each user and each local computer from where you ssh to another computer. In a terminal enter:
ssh-keygen -t rsa -b 4096
The process will prompt you for a passphrase. You can hit enter if you don't want one. If you do enter a passphrase, you will be asked for it every time you ssh from comp1
to comp2
. If you use a passphrase it should not be same as the password used for normal login.
Next you will need to copy the public key from comp1
to comp2
. In the terminal in comp1
enter:
ssh-copy-id user2@comp2.local
You will be asked to enter the login password of user2
in comp2
. If you have other computers in the home LAN you want to ssh to from the user1@comp1
then you need not create a new key-pair. Copy the public key of user1@comp1
to the other user accounts in the other remote computers using the above command.
Once the public key is successfully copied to the user2
account of comp2
try to ssh again:
ssh user2@comp2.local
Now you should be able to get into comp2
without user2
's password. At this point one can either use the password or the public key you generated to log in. You can test this by creating a new user (or with an existing second user) in comp1
, such as user1a
. At this stage user1@comp1
will be able to ssh to user2@comp2
without password using the public key. On the other hand user1a@comp1
will be able to ssh to user2@comp2
will need to use the password of user2
.
The next step is to disable the password based authentication. You may want to do this locally in a terminal of comp2
. Use the following command to edit /etc/ssh/sshd_config
sudo nano /etc/ssh/sshd_config
Then make sure it contains the following lines and they are uncommented:
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no
Note these lines may not be together. "Uncommented" means there is no #
in front of each of these lines.
Use Ctrl+W to save the changes and Ctrl+X to exit the editor.
Finally, restart the ssh server with the new settings by the following command:
sudo systemctl restart ssh
Now user1@comp1
will still be able to ssh to user2@comp2
without password using the public key. On the other hand user1a@comp1
will get permission denied to ssh to user2@comp2
.
3. Install and configure a firewall
There are many firewall software, and some of them are hard to configure. I suggest you install the "uncomplicated firewall" called ufw
by the command:
sudo apt install ufw
To open the port 22 but only from within the home LAN use the command:
sudo ufw allow from 192.168.x.0/24 to any port 22
Note: replace x
with either 0
or 1
based on your router setup.
This firewall setting in comp2
stops anyone from outside the home LAN use ssh to connect to comp2
. However, it allows anyone (using any computer) within the home LAN try to ssh into comp2
. If comp2
is removed from home and taken somewhere else and connected to another "similar" network, say by WiFi, all the computers in that network will be allowed to access port 22 of comp2
by this firewall setting. For this reason I recommend password based authentication to be disabled and private-public key based authentication be used in all computers running the ssh server.
Hope this helps
edited yesterday
answered 2 days ago
user68186user68186
15.4k84667
15.4k84667
1
+1 but I have three laptops. Suggest changing "desktop computers" to "machines" for broader audience.
– WinEunuuchs2Unix
2 days ago
@WinEunuuchs2Unix Thanks for pointing this out. I have edited the text and removed "desktop". I prefer "computers" to "machine". I have also mentioned the OS (Ubuntu) to make it clear that it is not Windows to Ubuntu or Ubuntu to Windows kind of answer. On second thought, The answer works for Windows with WSL or native ssh client as well.
– user68186
yesterday
appreciate it very much your elaborate instruction. What do you mean "Make sure port 22 is not forwarded to any computers in the home router." the forward here is the forward in "forward an email"
– user10726006
21 hours ago
@user10726006 Thanks for the appreciation. Feel free to up-vote if not done so already. The "port forwarding" is slightly different from forwarding an email. It is in the router settings. You will have to Google it to know more.
– user68186
10 hours ago
add a comment |
1
+1 but I have three laptops. Suggest changing "desktop computers" to "machines" for broader audience.
– WinEunuuchs2Unix
2 days ago
@WinEunuuchs2Unix Thanks for pointing this out. I have edited the text and removed "desktop". I prefer "computers" to "machine". I have also mentioned the OS (Ubuntu) to make it clear that it is not Windows to Ubuntu or Ubuntu to Windows kind of answer. On second thought, The answer works for Windows with WSL or native ssh client as well.
– user68186
yesterday
appreciate it very much your elaborate instruction. What do you mean "Make sure port 22 is not forwarded to any computers in the home router." the forward here is the forward in "forward an email"
– user10726006
21 hours ago
@user10726006 Thanks for the appreciation. Feel free to up-vote if not done so already. The "port forwarding" is slightly different from forwarding an email. It is in the router settings. You will have to Google it to know more.
– user68186
10 hours ago
1
1
+1 but I have three laptops. Suggest changing "desktop computers" to "machines" for broader audience.
– WinEunuuchs2Unix
2 days ago
+1 but I have three laptops. Suggest changing "desktop computers" to "machines" for broader audience.
– WinEunuuchs2Unix
2 days ago
@WinEunuuchs2Unix Thanks for pointing this out. I have edited the text and removed "desktop". I prefer "computers" to "machine". I have also mentioned the OS (Ubuntu) to make it clear that it is not Windows to Ubuntu or Ubuntu to Windows kind of answer. On second thought, The answer works for Windows with WSL or native ssh client as well.
– user68186
yesterday
@WinEunuuchs2Unix Thanks for pointing this out. I have edited the text and removed "desktop". I prefer "computers" to "machine". I have also mentioned the OS (Ubuntu) to make it clear that it is not Windows to Ubuntu or Ubuntu to Windows kind of answer. On second thought, The answer works for Windows with WSL or native ssh client as well.
– user68186
yesterday
appreciate it very much your elaborate instruction. What do you mean "Make sure port 22 is not forwarded to any computers in the home router." the forward here is the forward in "forward an email"
– user10726006
21 hours ago
appreciate it very much your elaborate instruction. What do you mean "Make sure port 22 is not forwarded to any computers in the home router." the forward here is the forward in "forward an email"
– user10726006
21 hours ago
@user10726006 Thanks for the appreciation. Feel free to up-vote if not done so already. The "port forwarding" is slightly different from forwarding an email. It is in the router settings. You will have to Google it to know more.
– user68186
10 hours ago
@user10726006 Thanks for the appreciation. Feel free to up-vote if not done so already. The "port forwarding" is slightly different from forwarding an email. It is in the router settings. You will have to Google it to know more.
– user68186
10 hours ago
add a comment |
Maybe try to ssh via IP not hostname?
You can check ip using ifconfig
New contributor
add a comment |
Maybe try to ssh via IP not hostname?
You can check ip using ifconfig
New contributor
add a comment |
Maybe try to ssh via IP not hostname?
You can check ip using ifconfig
New contributor
Maybe try to ssh via IP not hostname?
You can check ip using ifconfig
New contributor
New contributor
answered 2 days ago
Mirosław MówińskiMirosław Mówiński
564
564
New contributor
New contributor
add a comment |
add a comment |
Add a string to your /etc/hosts
file like this:
<IP_ADDRESS_OF_YOUR_ALGORITHMS_HOST> algorithms
For example:
192.168.168.168 algorithms
Save /etc/hosts
and try connecting again.
Anyway, as a quick solution, you can always connect directly via IP address:
ssh second@192.168.168.168
New contributor
add a comment |
Add a string to your /etc/hosts
file like this:
<IP_ADDRESS_OF_YOUR_ALGORITHMS_HOST> algorithms
For example:
192.168.168.168 algorithms
Save /etc/hosts
and try connecting again.
Anyway, as a quick solution, you can always connect directly via IP address:
ssh second@192.168.168.168
New contributor
add a comment |
Add a string to your /etc/hosts
file like this:
<IP_ADDRESS_OF_YOUR_ALGORITHMS_HOST> algorithms
For example:
192.168.168.168 algorithms
Save /etc/hosts
and try connecting again.
Anyway, as a quick solution, you can always connect directly via IP address:
ssh second@192.168.168.168
New contributor
Add a string to your /etc/hosts
file like this:
<IP_ADDRESS_OF_YOUR_ALGORITHMS_HOST> algorithms
For example:
192.168.168.168 algorithms
Save /etc/hosts
and try connecting again.
Anyway, as a quick solution, you can always connect directly via IP address:
ssh second@192.168.168.168
New contributor
New contributor
answered 2 days ago
mmvmmv
1
1
New contributor
New contributor
add a comment |
add a comment |
Thanks for contributing an answer to Ask Ubuntu!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1107987%2fconnect-two-computers-with-ssh-in-a-home-lan%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
it prompt: ssh: connect to host algorithms.local port 22: Connection refuse @user68186
– user10726006
2 days ago
thank you. Your comment clicks with me. Could you please transmit the comment to answer. @user68186
– user10726006
2 days ago
I am writing an answer.
– user68186
2 days ago