Legal MattersIt appears to me that a personal ssh server is legal and acceptable to use [at least if you are with Comcast].
The Comcast Terms of Service:
The relevant bullets under Technical restrictions are:
* use or run dedicated, stand-alone equipment or servers from the Premises that provide network content or any other services to anyone outside of your Premises local area network (“Premises LAN”), also commonly referred to as public services or servers. Examples of prohibited equipment and servers include, but are not limited to, e-mail, Web hosting, file sharing, and proxy services and servers;Also, note that the ssh port (22) is not blocked by comcast.
* use or run programs from the Premises that provide network content or any other services to anyone outside of your Premises LAN, except for personal and non-commercial residential use; (my emphasis)
How to setup a personal ssh serverThis should work in many different distros and versions with only minor modification.
sudo aptitude install openssh-server
- Since I have kids with weak passwords using my computer, I only want a couple accounts to be accessible. Edit /etc/ssh/sshd_config and add something like this:
AllowUsers user1 user2 user3This will prevent other user accounts from being accessible.
- It is generally a good idea to use a static IP address so your router knows where to send the ssh traffic. Right click your wireless icon on the panel and edit your connection. Shown to the right is a setup that is compatible with a linksys router (i.e., the router IP address is 192.168.1.1).
- Forward port 22 traffic to your statically assigned PC (see image below for router specs).
- Use a service like dyndns.com to associate a static IP address with your dynamically assigned address.
- Run ddclient to update dyndns.com.
sudo aptitude install ddclientHere is a configuration file (/etc/ddclient.conf) that works for me:
daemon=600 use=web, web=checkip.dyndns.com/, web-skip='IP Address' login=
password= protocol=dyndns2 server=members.dyndns.org wildcard=YES jtprince.dyndns.org, bwv549.homeip.net
Now, you should be able to ssh into your home computer from anywhere in the world. Also, please note that you can do just about anything with ssh access.