Setting up Linux Server

Hey guys I am working on a web dev project and after watching Wendell's Video I went into Des Moines Iowa to find a computer recycling place. I found a rig for 75$. I just installed Ubuntu server on it and I plan on putting it over at my grandmothers house to run a web server I will write. For now I want to set up the server and a SSH so I can remote into the server to do work on it.

So what do I have to do so that I can place the server over there,connect it to the internet. Then I can connect via SSH?

um hopefully isp doesnt block port 22, and setup port forwarding on the router(the server is connected to) to the server for ssh

other than have ssh enabled as a service on the server, and a ssh client on your machine at home

I assume that I need a static IP address?

sorry I dont know much about the IT side of things.

Pretty much because if the IP address changes you'll be unable to connect to the server, they are ways around this such as using a domain and a service that provides DDNS that will update any IP address changes and you'll be able to connect using the domain name.

yeah XD. forgot lol..

would want static ip for the server on that local network and then port forward to specifically that machine the ports you need

If I wanted a static ip address would it cost any additional funds from the ISP?

More than likely but in some cases even if you don't have a static IP the ISP may not change it. I don't have a static IP and it changes maybe once a year if that but it mostly depends on the ISP and what they offer.

There is also the case that the ISP won't provide a static IP no matter what, they'll question why you need it and probably refer you to a business connection which could be much slower and way more expensive.

Well tomorrow I will head over to my grandmothers house and set up the server. I assume I will set up an openSSH server and port forwarding. I will see how long the IP address remains the same. If they only change it once a year it wouldn't be a big deal.

Should I port forward first or set up openSSH first?

I guess it doesn't really matter to be honest but I would setup SSH first on the local network to get it all working, then setup the security certificates and disable password authentication so random people from china can't spam login attempts using passwords.

um shouldnt really make a difference which order, but would have the machine setup first so you can get the ip in question

So... You don't need a static ISP if you have a Dynamic DNS setup. A Dynamic DNS is basically a service that checks with a PC on your network to verify your current IP address, then changes the record for you so that a single URL would always send you to your home network.

Though having a Static IP is easier in that you don't have to deal with anything else.

Your IP could be whatever, but your URL is as an example. Lots of people have DDNS services.

The only requirement is a computer on your network be running a service that "phones home" to the DDNS service's server.

http://www.no-ip.com has that service for free, but it requires you to "verify" the hostname every month to be sure you're still using it.

Some advanced routers, like ASUS' higher end ones, come with built-in DDNS services that are free from ASUS themselves (because honestly, it's not a very intensive service to offer). Their URLs, for example, are asuscomm.com.

http://asusddns.appspot.com/

I personally would configure the SSH service to not use port 22, simply because if your ISP blocks it, you can bypass that in that way. Though finding a port your ISP supports can be a bit annoying.

Here's a potentially handy tool for that: http://www.portchecktool.com/

Note: You will still need to port forward. A DDNS is just getting the connection from wherever you are to your home network. Once it hits your router, Port Forwarding's job is to get it from there to your actual server.

I didn't think the ISP controlled the ports. I thought they were local to the system?

nah isp's firewall/block ports sometimes, to prevent people from doing business stuff on non business lines and stuff like that,

basically will just have to look it up for your isp/use a tool

Uhhh....

So, ports exist on every network level. It's a built-in part of the networking protocol.

Ports exist on the router, on the system, on the connections between you and your ISP, etc etc.

The reason that is, is because you have to carry that information with you the whole way. For your server to know "hey, this is supposed to be using port 22", your IP packet has to say "Hey, I'm using port 22."

The other thing is that the ISP has networking too. They have (very advanced) routers. They use ports too. They can't just change all your network traffic to some port without changing it back to the intended port, or you wouldn't be able to access much. They can overwrite the port for their purposes, but they have to switch it back on it's final destination leaving the ISP or the connection can't work.

Your ISP sees everything you send out, unless it's encrypted, but they still need a destination and port even if it is encrypted. If they see "Oh, hey, he's using port 22. We don't want him to use this connection for business things without paying for a business connection. Let's block that port."

They can basically stop any traffic using that port before it reaches it's destination. The port is written in the IP Packet along with the intended recipient (i.e. your IP address). Otherwise, how would your server know what port the packet was meant to come in on?

Putting that information there is required because you can't route without it. So your ISP can easily block stuff like that.

I mean, some port forwarding pages on routers support also changing what port something is going to. So for example, you're sending the SSH connection over port 2222, but your port forwarding not only sends it to your Server, but changes that to port 22. This way your server uses the default port, but you don't, so your ISP won't block it.

I set up the linux server and I think I started openssh and on the router I port forwarded it. I set the internal ip port to the ip address of the server and the external the ip address of the router. I set the port for open ssh to be 2222. Now I am trying to test it and connect my laptop to the server via ssh and it just endlessly tries to connect to the server?

I am able to connect to it when I connect directly to the computers IP address.

and the external the ip address of the router

That doesn't sound right. You are configuring the Port Forwarding on the router, correct?

Screenshots would help. Windows has a Snipping Tool for that and you can copy the contents directly into the message here. If on linux, there are various tools for that.

Be sure to blur/remove personal info (I copy/paste into Paint and do it there if necessary).

Using ports above 1000 for ssh is a bad idea, read:

• https://www.adayinthelifeof.nl/2012/03/12/why-putting-ssh-on-another-port-than-22-is-bad-idea/

TL;DR

Ports above 1000 can be opened by any user, under only by root, hence a security issue.

As a side note: Set up a firewall, iptables, or Ubuntus iptables wrapper ufw for simplicity:

• https://help.ubuntu.com/community/UFW

yep, I think my problem has something to do with the port forwarding. I am not in the best situation to send pictures but I am pretty sure that my port forwarding is wrong. I set the ports for the port forwarding to be 2221 through 2223 because openssh is running on 2222. I set the internal one to be the ip address of the computer with openssh. What should the external ip address be?

You shouldn't need to set an extenal IP address. You only need to do that if you are sure you'll always use that IP address to access your server.

If I were you, I'd have your client use port 2222, but the forwarding to switch that to port 22 on your server via OpenSSH.

should the external IP address be the ip address of the router though because I had to put something in.