Setting up dynamic DNS with Tomato and Namecheap, and limiting SSH
Posted: - Modified: | geek, linuxWe have a computer downstairs with backups of files, and I’ve been using it to explore Vagrant and development using virtual machines as well. It can be useful to be able to SSH into it from outside our network, so I spent some time setting up a dynamic domain name, port forwarding, and new limits for the SSH server.
Namecheap (the domain name registrar that I use) supports dynamic domains, so it was easy to enable.
- Enable dynamic domains: Manage Domains, choose the domain, and then choose Dynamic DNS. Enable it and copy the password.
- Create an A record: Choose All Records and add a subdomain with a temporary address (ex: 127.0.0.1) and type A. Save the settings.
Our router uses the Tomato firmware, which has built-in support for Namecheap and other dynamic DNS provider.
- Click on Basic – DDNS.
- Fill in the details for Dynamic DNS 1.
Before I forwarded the ports, I wanted to make sure that SSH permitted password authentication on our local network but required passphrases for external connections. OpenSSH: requiring keys, but allow passwords from some locations (Michael W. Lucas) was really helpful. I edited /etc/ssh/sshd_config
, set PasswordAuthentication no
, and added the following lines to the end of the file:
Match Address 192.168.0.0/16 PasswordAuthentication yes
(I had some problems in the beginning because I typed this as Yes
instead of yes
… Case matters!)
I restarted the SSH server with service ssh restart
and confirmed that I could still SSH in.
Back to Tomato. Port Forwarding lets you set up forwarding rules. The port for SSH is 22, so I filled in a row with the port I wanted, the internal port, and the internal IP address of the server. I clicked Save (forgot to do this a few times because the button was near the end of the page) and that was that.
On Windows, I walked W- through generating a DSA public key with PuttyGEN, loading it in Pageant, and copying it to his .ssh/authorized_keys2
file.
Posting this here because I’m probably going to want to do this again someday, and it took some searching around. Besides, someone might find it handy!