LinuxQuestions.org
Linux - Networking: This forum is for any issue related to networks or networking. Routing, network cards, OSI, etc. Anything is fair game.
Old 04-27-2024, 08:06 PM   #1
nedlud
LQ Newbie
Registered: Oct 2004
Posts: 24
Rep: Reputation: 0
How to establish ssh from remote firewalled PC to local machine, enabling local browsing on remote LAN


Apologies if the terminology is incorrect, suggestions for better thread title welcome.

I administer (a grand word for my amateur efforts) a server (oakdrum) on a friend's (christine) LAN, which is used to backup her laptop (x1-laptop), and for syncthing, DLNA server, samba etc.

She lives 500 miles from me. After initial setup at her house with physical access, I set up port forwarding on her router so that I could ssh into (oakdrum), and (x1-laptop) for remote assistance via vnc. Having done so, I could also access the web GUI (no telnet or ssh available) of her router from my machine (lutyens) with:

Code:
nedlud@lutyens:~$ ssh -v -D 24080 -f -C -q -N oakdrum
... and configuring a manual proxy in my browser:

Code:
Manual proxy configuration:
  SOCKS Proxy  127.0.0.1  Port 24080
      check the box for "SOCKS v5"
... then access her router GUI at 192.168.1.1 on my local machine (lutyens)

This week after a fault her ISP sent her a new router. She's tech-phobic, but swapped it out plug for plug with the broken one. She has WAN access with the default config of course, but (oakdrum) has a different IP so her backup doesn't work, and now I can't get to her LAN.

The limit of her capability is copy pasting a string in the terminal.

Assume:
I will temporarily forward port 33022 on my firewall to port 22 on my machine, and enable password-only ssh login.
My username on my machine (lutyens) is nedlud.
My dynamic dns is nedlud.dyndns.net


I'm after the cli string that she can use on her laptop (x1-laptop) to ssh to my machine (lutyens), and anything I need to run on (lutyens), such that I can browse to her router config page, and re-establish port forwarding.

MTIA.
 
Old 04-27-2024, 08:28 PM   #2
rkelsen
Senior Member
Registered: Sep 2004
Distribution: slackware
Posts: 4,463
Blog Entries: 7
Rep: Reputation: 2561
You probably want to use a reverse SSH session.

You'll get many hits if you search for it, but here's a random one which explains the basics of it: https://ryan.himmelwright.net/post/s...se-ssh-tunnel/
 
Old 04-27-2024, 11:33 PM   #3
Turbocapitalist
LQ Guru
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,330
Blog Entries: 3
Rep: Reputation: 3726
Quote:
Originally Posted by rkelsen View Post
You probably want to use a reverse SSH session.
Yes, that'd be the way to go. Have her system connect to yours using -R option.

Code:
ssh -f -N \
        -i ~/.ssh/some.key.ed25519 \
        -R 2222:localhost:22 \
        -l christine \
        lutyens.example.com
Much of that can actually be put in her ~/.ssh/config file so that she only has to type a 'ssh lutyens' or some other shortcut, and that can in turn be put in a script for a .desktop file to click on. For example:

Code:
Host lutyens lutyens.example.com
	HostName lutyens.example.com
	User christine
	RemoteForward 2222 localhost:22
	ForkAfterAuthentication yes
	SessionType none
	IdentitiesOnly yes
	IdentityFile /home/%u/.ssh/some.key.ed25519

Host *
	ServerAliveCountMax 3
	ServerAliveInterval 30
	ConnectTimeout 2
Then once that connection is established, connect almost the same as before, but to localhost instead of oakdrum and specify the port of the tunnel:

Code:
# -p takes the port of the reverse tunnel on this machine; add christine@127.0.0.1
# (or -l christine) if her account name on x1-laptop differs from your own.
ssh -D 24080 -f -C -q -p 2222 -N 127.0.0.1
Setting up reverse tunnels is rather simple but not deceptively so.

Last edited by Turbocapitalist; 04-27-2024 at 11:46 PM. Reason: SessionType and ForkAfterAuthentication
 
Old 04-28-2024, 06:23 PM   #4
nedlud
LQ Newbie
Registered: Oct 2004
Posts: 24
Original Poster
Rep: Reputation: 0
Quote:
Yes, that'd be the way to go. Have her system connect to yours using -R option.
Thank you very much. Hoping it will go well and quickly when I do it for real, I have practised this from my laptop (on public wifi) to simulate, and a VM on my main machine, which I'll use for the real exercise, to avoid exposing my main machine, enabling password ssh, having to provide/change my password etc.

The only things I had to tweak were adding her username when setting up the tunnel for the browser, and specifying the port.

Substituting what worked in my practice run with the dummy hosts and users in the OP, this worked:

christine copy pastes:

Code:
christine@x1-laptop:~$ ssh -f -N -p 33022 -R 2222:localhost:22 nedlud@nedlud.dyndns.net
nedlud@nedlud.dyndns.net's password:
christine@x1-laptop:~$
Then I:

Code:
nedlud@lutyens:~$ ssh -D 24080 -f -C -q -N -p 2222 christine@127.0.0.1
christine@127.0.0.1's password:
nedlud@lutyens:~$
I could then, with browser settings:

Code:
Manual proxy configuration:
  SOCKS Proxy  127.0.0.1  Port 24080
      check the box for "SOCKS v5"
...browse "from" (x1-laptop), proved by visiting whatismyip.com.

So I'm confident that when I do this for real, I'll be able to access her router admin page, which is what I need to achieve. Don't think I'm missing anything, and I'll mark as solved when it's done.

Thanks again!
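The procedure in posts #3 and #4 (christine opens the -R tunnel to lutyens, nedlud then chains a -D SOCKS proxy through it) hands an account on lutyens to the remote side, and the OP intends to allow password login on it. The POSIX shell script below is an added example, not code from the thread: it produces the sshd_config Match block that confines that account to the single loopback reverse forward (no shell, PTY, local forwards, agent or X11), produces the matching authorized_keys line for the key-based variant in post #3, and checks `ss -ltn` output to confirm that the forwarded ports (2222 on lutyens, 24080 for the SOCKS proxy) are bound to loopback only rather than to all interfaces. Assumptions that are not from the thread: the tunnel account is named christine, the forward uses port 2222, OpenSSH 7.8 or later (PermitListen and permitlisten), /usr/sbin/nologin exists, the public key is a placeholder, and the `ss` output is a constructed sample rather than a real capture.

```sh
#!/bin/sh
# Confine the reverse-tunnel account on lutyens and verify the tunnel.
# Added example, not code from the thread. Assumed: account "christine",
# forward port 2222, OpenSSH >= 7.8, /usr/sbin/nologin present.
set -eu

# sshd_config Match block: the account may only request a remote forward
# to this one loopback port; no local forwards, shell, PTY, agent or X11.
# GatewayPorts stays at its default (no), so -R binds to loopback only.
sshd_match_block() {
    user="$1"; port="$2"
    cat <<EOF
Match User $user
    AllowTcpForwarding remote
    PermitListen localhost:$port
    PermitOpen none
    PermitTTY no
    AllowAgentForwarding no
    X11Forwarding no
    ForceCommand /usr/sbin/nologin
EOF
}

# authorized_keys line for the key-based variant (post #3): "restrict"
# switches every capability off, "port-forwarding" re-enables forwards,
# and "permitlisten" narrows them to the single loopback port.
authorized_key_line() {
    port="$1"; pubkey="$2"
    printf 'restrict,port-forwarding,permitlisten="localhost:%s" %s\n' "$port" "$pubkey"
}

# Inspect "ss -ltn" output for listeners on $port.
# Returns 0: loopback-only listener(s); 1: a wildcard listener (0.0.0.0,
# * or [::]) so the tunnel is reachable from the LAN/WAN; 2: no listener.
check_loopback_listener() {
    ss_output="$1"; port="$2"
    listeners=$(printf '%s\n' "$ss_output" | awk -v p=":$port" '
        $1 == "LISTEN" && substr($4, length($4) - length(p) + 1) == p { print $4 }')
    [ -n "$listeners" ] || return 2
    if printf '%s\n' "$listeners" | grep -Eq '^(0\.0\.0\.0|\*|\[::\]):'; then
        return 1
    fi
    return 0
}

# Constructed samples of "ss -ltn" output (not real captures).
SS_OK='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    127.0.0.1:2222      0.0.0.0:*
LISTEN 0      128    [::1]:2222          [::]:*
LISTEN 0      128    127.0.0.1:24080     0.0.0.0:*
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*'
SS_EXPOSED='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:2222        0.0.0.0:*
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*'

sshd_match_block christine 2222
# Placeholder key material, not a real key.
authorized_key_line 2222 "ssh-ed25519 AAAAPLACEHOLDER christine@x1-laptop"

# On the real host use: check_loopback_listener "$(ss -ltn)" 2222
for sample in "$SS_OK" "$SS_EXPOSED"; do
    rc=0
    check_loopback_listener "$sample" 2222 || rc=$?
    case $rc in
        0) echo "port 2222: loopback only (ok)" ;;
        1) echo "port 2222: WILDCARD listener, tunnel exposed beyond localhost" ;;
        2) echo "port 2222: no listener, tunnel is down" ;;
    esac
done
```

Append the Match block to sshd_config (after any unconditional settings, since directives after a Match apply only within it), validate with `sshd -t`, then reload sshd. With `-N` christine never requests a session, so ForceCommand is only a backstop if she omits it; the forwarding limits apply whether she logs in with a password or the key. The same check on 24080 confirms the SOCKS proxy on lutyens is not listening on a LAN address either.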
 
Old 04-29-2024, 06:35 AM   #5
michaelk
Moderator
Registered: Aug 2002
Posts: 25,749
Rep: Reputation: 5928
Just a FYI that you have posted your real username and URL which essentially points a neon target at your server. Changing ssh ports is not a real deterrent.
 
Old 04-29-2024, 01:43 PM   #6
nedlud
LQ Newbie
Registered: Oct 2004
Posts: 24
Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by michaelk View Post
Just a FYI that you have posted your real username and URL which essentially points a neon target at your server. Changing ssh ports is not a real deterrent.

Thanks Michael, Good of you to take the trouble. However all host names, usernames and ports in my OP are dummies, though accurately describing the commands entered.

I hope to do this thing this evening, and assuming it's successful, I'll add a post describing everything, with "generic specifics", if that makes sense.
 
Old 04-29-2024, 07:29 PM   #7
memilanuk
Member
Registered: Sep 2010
Location: Washington state, USA
Distribution: Ubuntu among others
Posts: 68
Rep: Reputation: 2
Interesting scenario!

I've not a lot of direct experience with ssh tunneling myself... but would having something like tailscale installed on the respective machines help at all? That way they can all 'see' each other on a flat VPN network, with no port forwarding at the router level. Seems like it'd be near ideal for a use case like this...
 
Old 04-29-2024, 11:13 PM   #8
friendlysalmon8827
Member
Registered: Dec 2023
Distribution: Android, Debian
Posts: 101
Rep: Reputation: 6
I'd strongly recommend that the OP go back through his original post and redact the host names and other potentially exposing information. It seems to me that the OP would be best served by investing in some high-quality uninterruptible power supplies; a couple of good brands are CyberPower and APC, the latter of which is a Schneider Electric product line.
 
Old 04-30-2024, 05:46 AM   #9
nedlud
LQ Newbie
Registered: Oct 2004
Posts: 24
Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by memilanuk View Post
Interesting scenario!

I've not a lot of direct experience with ssh tunneling myself... but would having something like tailscale installed on the respective machines help at all? That way they can all 'see' each other on a flat VPN network, with no port forwarding at the router level. Seems like it'd be near ideal for a use case like this...
Thanks for the suggestion, but I don't want to use anything needing a third-party server, or proprietary (especially with its roots in Google) if I can help it. I usually use vnc over ssh to provide remote assistance to (christine) so she has to do literally nothing to set up the connection. I'm experimenting with self-hosted RustDesk, but haven't figured out how the ssh keys work yet.

Quote:
Originally Posted by friendlysalmon8827 View Post
I'd strongly recommend that the OP go back through his original post and redact the host names and other potentially exposing information.
As in https://www.linuxquestions.org/quest...6/#post6498905, all host and user names are dummies. Am I missing something?

Quote:
Originally Posted by friendlysalmon8827 View Post
It seems to me that the OP would be best served by investing in some high-quality uninterruptible power supplies; a couple of good brands are CyberPower and APC, the latter of which is a Schneider Electric product line.
I'm not seeing how that's directly relevant?

Christine won't be ready to do this for a few days, and when it's done I'll post full details.

Last edited by nedlud; 04-30-2024 at 05:47 AM.
 
  


All times are GMT -5.