SSH Non Static IP
Once the server is up and running, we will always want remote access to it. There are multiple options available, so let us discuss the options and their challenges.
It is also important that your server has a static IP address. If your server does not have a static IP, then it is difficult to connect to it remotely.
OPTION 1: DUCKDNS
The first option is to map your dynamic IP to a domain name and access SSH using that domain name. For example, you can publish your server IP to DuckDNS and get a domain name. You then keep monitoring your server IP for changes, which depend on your Internet Service Provider, and on detecting a change you update the IP on the DuckDNS portal using the API keys.
But things are not that simple. If your ISP gives you a dynamic IPv6 address, you cannot access it over an IPv4 network.
I have covered this issue and solutions in my blog post, for which the links are provided below.
Another, simpler approach is to use the Cloudflare WARP VPN, which provides IPv6 access to your IPv4 network (ISP).
The issue with this method is that your server IP is exposed to the Internet and hackers can try to hack into your server. So it is generally recommended not to expose your server IP to the Internet.
Note that you would need to open the SSH port in the router's firewall for incoming SSH connections.
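The monitor-and-update loop described for DuckDNS could look like the script below. It is an added example, not code from the original post; the variable names `DUCKDNS_DOMAIN`, `DUCKDNS_TOKEN` and `STATE_FILE`, the function names, and the use of api.ipify.org to look up the public IPv4 address are assumptions.

```shell
#!/bin/sh
# Added example: DuckDNS updater intended for cron (e.g. every 5 minutes).
# Assumed names: DUCKDNS_DOMAIN, DUCKDNS_TOKEN, STATE_FILE, api.ipify.org lookup.
STATE_FILE="${STATE_FILE:-/var/tmp/duckdns.last_ip}"

# Accept only a dotted-quad IPv4 literal, so a failed lookup (HTML error page,
# empty string, IPv6 address) is never published as the server address.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Exit 0 when the address differs from the one recorded at the last update.
ip_changed() {
    [ ! -f "$STATE_FILE" ] || [ "$(cat "$STATE_FILE")" != "$1" ]
}

# DuckDNS update endpoint with domain, token and explicit IPv4 address.
duckdns_url() {
    printf 'https://www.duckdns.org/update?domains=%s&token=%s&ip=%s' \
        "$DUCKDNS_DOMAIN" "$DUCKDNS_TOKEN" "$1"
}

# Returns 0 = up to date or updated, 1 = update failed, 2 = bad address.
update_if_changed() {
    current_ip=$1
    is_ipv4 "$current_ip" || { echo "refusing to publish '$current_ip'" >&2; return 2; }
    ip_changed "$current_ip" || return 0
    # Feed the URL to curl on stdin (-K -) so the token never shows up in `ps`.
    reply=$(printf 'url = "%s"\n' "$(duckdns_url "$current_ip")" |
            curl -fsS --max-time 10 -K -) || return 1
    [ "$reply" = "OK" ] || return 1          # DuckDNS answers OK or KO
    printf '%s\n' "$current_ip" > "$STATE_FILE"
}

# Only touch the network when called as: duckdns-update.sh run
if [ "${1:-}" = "run" ]; then
    update_if_changed "$(curl -fsS --max-time 10 https://api.ipify.org)"
fi
```

Keep the token in a root-readable environment file rather than in the crontab line itself.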
OPTION 2: CLOUDFLARE TUNNEL
Another option is to use a Cloudflare tunnel on your server. This creates a tunnel between your server and Cloudflare. With this method you do not need to open any ports on your router. It also overcomes the IPv6 and IPv4 difference. Another benefit is that you can put an additional layer of authentication in front of your SSH access. These authentication methods include OTP over email and several OAuth providers like GitHub, Google, etc.
The limitation of this method is that you access SSH in your browser, and the speed of operation depends on the speed of the tunnel, which is not very good, but for an SSH connection it is OK. It is not recommended for hosting web pages or web services because the speeds are very slow.
Let's look at the steps to install Cloudflare tunnel.
- First you have to create a Cloudflare Zero Trust account.
- You should also have a domain name registered with you, which you would need to transfer to Cloudflare if not already.
- Go to Networks, then to Connectors, and then Create a tunnel.
- Based on your operating system, a step by step guide will be presented to you on the Cloudflare website.
- This will install the Cloudflare tunnel daemon on your server and connect it with your Cloudflare account.
- The next step is to create a specific service for SSH which points to your localhost and SSH port.
- You will also need to create a policy which is basically the authentication policy, including what type of authentications are allowed.
- Then we need to create an application under the Access Control section. This application applies to the SSH tunnel we created, and it also links the authentication policy created in the previous step.
- While setting this up, ensure that you enable the browser access for SSH. Have a look at this video for reference.
- If you keep password-based authentication, these are all the steps you need to follow. If you use a key to access SSH, there is an important point to note here: not all types of keys are allowed via the Cloudflare tunnel, so you need to generate a key of a type that is allowed and use it for login.
Cloudflare's browser-rendered SSH terminal supports the following Key Exchange (KEX) algorithms:
- curve25519-sha256@libssh.org
- curve25519-sha256
- ecdh-sha2-nistp256
- ecdh-sha2-nistp384
- ecdh-sha2-nistp521
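KEX algorithms are negotiated with the server's sshd, so a server whose `KexAlgorithms` setting has been narrowed may share none of the algorithms listed above. The check below is an added example, not part of the original post: it compares the `kexalgorithms` line of `sshd -T` output with that list. The function name `common_kex` and the `live` argument are made up for this example.

```shell
#!/bin/sh
# Added example: compare sshd's effective KEX list with the list in the post.
# CF_KEX is copied from the post; common_kex is a name made up for this example.
CF_KEX="curve25519-sha256@libssh.org curve25519-sha256 ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521"

# Reads `sshd -T` output on stdin. Prints every server KEX algorithm that is
# also in CF_KEX, one per line. Exit status 1 means there is no overlap.
common_kex() {
    server_kex=$(awk '$1 == "kexalgorithms" { print $2 }' | tr ',' ' ')
    found=1
    for alg in $server_kex; do
        for cf in $CF_KEX; do
            if [ "$alg" = "$cf" ]; then
                printf '%s\n' "$alg"
                found=0
            fi
        done
    done
    return "$found"
}

# Live check on the server: sh kex-check.sh live   (sshd -T needs root)
if [ "${1:-}" = "live" ]; then
    if sudo sshd -T | common_kex; then
        echo "sshd offers at least one KEX algorithm from the list"
    else
        echo "no overlap: add one of the listed algorithms to KexAlgorithms" >&2
        exit 1
    fi
fi
```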
OPTION 3: TAILSCALE
Tailscale is a mesh VPN (Virtual Private Network) service that streamlines connecting devices and services securely across different networks.
Tailscale creates a mesh in which each of your devices is given an IP address. Once you connect to the mesh, you can access each of these devices from one another without worrying about IPv4/IPv6 interoperability.
The best thing is that this is a peer-to-peer connection, so there will not be any slowness in the network. Again, this method does not require you to open specific ports on your router. The only limitation is that you can access your server only from your own devices that have been registered on the Tailscale network. But this is not exactly a limitation, because even remotely you would be accessing your server from your own laptop or mobile phone. For the rare case of access from another computer, you can add that computer to your Tailscale network, where it will be authenticated by your Google account or any other authentication provider. When leaving, you can remove the computer from the Tailscale network or just log out of Tailscale on it.
Setting up this method is also very easy. On your server you can run the commands below. On your other devices, such as Windows and Android, you can install the application and your device will be registered automatically.
- Add Tailscale's package signing key and repository:
curl -fsSL https://pkgs.tailscale.com/stable/ubuntu/noble.noarmor.gpg | sudo tee /usr/share/keyrings/tailscale-archive-keyring.gpg >/dev/null
curl -fsSL https://pkgs.tailscale.com/stable/ubuntu/noble.tailscale-keyring.list | sudo tee /etc/apt/sources.list.d/tailscale.list
- Install Tailscale:
sudo apt-get update
sudo apt-get install tailscale
- Connect your machine to your Tailscale network and authenticate in your browser:
sudo tailscale up
- You can find your Tailscale IPv4 address by running:
tailscale ip -4
- Now access SSH using the server's Tailscale IP (of course, from a device registered on your Tailscale network).
It is important that you have proper firewall rules configured on your server so as to allow the SSH connections.