this post was submitted on 18 Nov 2023
2 points (100.0% liked)
Self-Hosted Main
515 readers
1 users here now
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
For Example
- Service: Dropbox - Alternative: Nextcloud
- Service: Google Reader - Alternative: Tiny Tiny RSS
- Service: Blogger - Alternative: WordPress
We welcome posts that include suggestions for good self-hosted alternatives to popular online services, how they are better, or how they give back control of your data. Also include hints and tips for less technical readers.
Useful Lists
- Awesome-Selfhosted List of Software
- Awesome-Sysadmin List of Software
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Please tell me you plan to use ssh keys and preferable fail2ban and a firewall on your machine if you are not using a VPN / Cloudflare tunnel.
https://www.tomshardware.com/how-to/use-a-secure-key-for-ssh is one starting point but u/flaming_m0e nailedit - what actually is your problem?
I would also ask - what do you aim to do?
Some clue as to your network kit (esp the router and if you are on CGNAT) would also help.
what i'm aiming to do is to be able to ssh/access to it through the internet my router is fiberhome router
Not a router I know so I can only give general advice.
You need to find out if your ISP allows incoming connections on port 22
You will need to find out if you are on CGNAT or equivalent for your internet connection - look at the external IP address of your kit.
You will need to set your Pi up to have a fixed IP address internally (based done on the router / DHCP server rather than on the PI)
Get fail2ban and ssh keys working first (I would also look to add UFW - do it with a keyboard and screen set up just incase you lock down port 22 in error).
Then you will need to find your router manual and look at that for port forwarding, It can be called a few things:
Avoid anything that is setting up DMZ - you only want to to open one port to the Pi and keep it on your network.
Normally port forwarding will need to know the source and destination port (port 22 in both cases for SSH by default) and the internal IP address or destination (the PI) - some routers will need the MAC address of the PI instead of the IP address. You can normally find this from the router / DHCP server or from the Pi using
ip a
and looking for the MAC details. Some folk will recommend moving ssh from port 22 - two minds over this as a port scan will show the new port up BUT you do stop the stupid attacks that try to brute force 22 using pi / raspberryTesting is best done with a different network - use your mobile or a different house as lots of routers do not allow a loop back (hair pinning) into the same network as your originate the connection.
If you find yourself on CGNAT or not able to open port 22 then there are a few things you can look at:
All of these require a small client program to be running on the Pi or other machine.
turns out i'm behind a cgnat so that's why i can't port forward so in the end i setup tailscale to bypass it thanks a lot for the info
connection timed out everytime i want to connect to it from a diffrent network and yes i do plan on using fail2ban and firewall