Ssh to server in local wifi network without router access

Question

I am new to setting up ssh server. I wanted to set up my desktop as a server at home so that I can run programs on my desktop remotely, after installed a few necessary packages, I could have my laptop that is in the same wifi network connect to my desktop but it will not connect once it is outside this wifi network.

After some search online, I found this page very relevant: Configure OpenSSH server and router to accept SSH connection over internet? so the suggestion is to configure the router and make a port forwarding(if someone could explain the concept in simple terms would also be great), however I do not have the access to the router(at least for now) as I am renting the place and the router was set up by someone else. I was just wondering are there any options left or do I have to have the access to configure the router?

Answer 1

Your WiFi is behind a NAT and uses private, non-routable IP addresses (e.g. 192.168.x.x). So you can't access your internal network from the Internet (this is a security feature).

You can't really access your internal network from the outside without port forwarding or a VPN.

Forwarding a port is configuring your router so that a port on the internet side (all ports are normally closed, so no inbound connections are accepted) accepts incoming connections and transfers them to a system on the internal network side. How you do this depends on your router.

You'll need to forward port 22, but it could be your ISP blocks connections to that port. If so, select another port (e.g. 2222) above port 1024 (all below 1024 are reserved). You'll also have to secure your system strongly, as it is now open to the internet. So you'll have to configure, at the least, your firewall and secure your openSSH system.

Also, you probably have a dynamic IP address, so you will need something like Dynamic DNS to tie your (changing) IP address to a domain name. Otherwise, you'll have to remember which IP you are using.

If you want to use a VPN, you'll have to create a VPN server (e.g. on a VPS) and connect both your desktop and your mobile system to that VPN server. Internally, you will have to configure a network so they can access each other. You can do this with OpenVPN. You won't have to do port forwarding, but it is not easy to configure. I would not recommend this unless you have some experience with networking and server administration.