Tuesday, May 4, 2010

Your own legal personal ssh server on Comcast with Ubuntu 10.04

Legal Matters

It appears to me that a personal ssh server is legal and acceptable to use [at least if you are with Comcast].
The Comcast Terms of Service:

The relevant bullets under Technical restrictions are:
* use or run dedicated, stand-alone equipment or servers from the Premises that provide network content or any other services to anyone outside of your Premises local area network (“Premises LAN”), also commonly referred to as public services or servers. Examples of prohibited equipment and servers include, but are not limited to, e-mail, Web hosting, file sharing, and proxy services and servers;
* use or run programs from the Premises that provide network content or any other services to anyone outside of your Premises LAN, except for personal and non-commercial residential use;  (my emphasis)
Also, note that the ssh port (22) is not blocked by Comcast.

How to set up a personal ssh server

This should work in many different distros and versions with only minor modification.

  1. sudo aptitude install openssh-server
  2. Since I have kids with weak passwords using my computer, I only want a couple of accounts to be accessible. Edit /etc/ssh/sshd_config and add something like this:
    AllowUsers user1 user2 user3
    This will prevent other user accounts from being accessible.
  3. It is generally a good idea to use a static IP address so your router knows where to send the ssh traffic. Right-click your wireless icon on the panel and edit your connection. Shown to the right is a setup that is compatible with a Linksys router (i.e., the router IP address is
  4. Forward port 22 traffic to your statically assigned PC (see image below for router specs).
  5. Use a service like dyndns.com to associate a static IP address with your dynamically assigned address.
  6. Run ddclient to update dyndns.com.
    sudo aptitude install ddclient
    Here is a configuration file (/etc/ddclient.conf) that works for me:
    use=web, web=checkip.dyndns.com/, web-skip='IP Address'
    jtprince.dyndns.org, bwv549.homeip.net

Now, you should be able to ssh into your home computer from anywhere in the world. Also, please note that you can do just about anything with ssh access.
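
An added example, not part of the original post: the AllowUsers line from step 2 is what keeps the weak-password accounts off the forwarded port 22, so this script reads an sshd_config and a passwd file, lists the accounts sshd would admit by name, and flags AllowUsers entries that match no account. The function names, the sample file contents and the names usr3 and kid1 are constructed for illustration, and it assumes plain user names with no wildcards, user@host patterns, Match blocks or other Allow/Deny directives.

```shell
#!/bin/sh
# Added example: which local accounts does AllowUsers leave reachable?
# Assumes plain, whitespace-separated names: no wildcards, no user@host
# patterns, no Match blocks, no DenyUsers/AllowGroups lines.

# Print every name on the AllowUsers lines of sshd_config file $1.
allowed_users() {
    # Keywords are case-insensitive; a leading '#' comments a line out.
    awk 'tolower($1) == "allowusers" {
             for (i = 2; i <= NF; i++) {
                 if ($i ~ /^#/) break      # stop at a trailing comment
                 print $i
             }
         }' "$1"
}

# Exit 0 if user $2 passes the AllowUsers rules in file $1.
# With no AllowUsers line, sshd does not restrict logins by user name.
user_allowed() {
    list=$(allowed_users "$1")
    if [ -z "$list" ]; then return 0; fi
    printf '%s\n' "$list" | grep -qxF -- "$2"
}

# Print accounts in passwd-format file $2 that sshd would admit by name.
exposed_accounts() {
    while IFS=: read -r name rest; do
        if user_allowed "$1" "$name"; then printf '%s\n' "$name"; fi
    done < "$2"
}

# Print AllowUsers names with no entry in passwd file $2 (likely typos).
unknown_allowed() {
    allowed_users "$1" | while read -r name; do
        if ! grep -q "^$name:" "$2"; then printf '%s\n' "$name"; fi
    done
}

# Constructed sample files, not taken from the original post.
# "usr3" is a deliberate typo for user3; kid1 is commented out.
sample=$(mktemp -d)
printf '%s\n' 'Port 22' '#AllowUsers kid1' 'allowusers user1 user2' \
    'AllowUsers usr3' > "$sample/sshd_config"
printf '%s\n' 'root:x:0:0::/root:/bin/bash' \
    'user1:x:1000:1000::/home/user1:/bin/bash' \
    'user2:x:1001:1001::/home/user2:/bin/bash' \
    'user3:x:1002:1002::/home/user3:/bin/bash' \
    'kid1:x:1003:1003::/home/kid1:/bin/bash' > "$sample/passwd"
exposed_accounts "$sample/sshd_config" "$sample/passwd"
```

On a real system, point the functions at /etc/ssh/sshd_config and /etc/passwd, and run `sudo sshd -t` after editing to confirm the file still parses.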
