Access your computer over internet in a secure way

Accessing you own data is getting more and more important. Part of it is already accessible from "everywhere", when stored with your emails. But "the cloud" is not that advanced yet and so there are documents you only have on your computer. Imagine you switch place for a couple of days, and still want to be able to look something up. One possibility was to create a backup and store all documents you might need on an external drive - a tedious process, and will forget the <em>one important</em> document. You could also open a port for Windows' Remote Desktop connection, but for security reasons this is not a choice. There should be a secure way to access the data.

Taggings:

Submitted by Michael Kraxner on Mon, 11/15/2010 - 23:59
1 answer

With Tomato compatible router - use its SSH daemon

For this solution you need:

  • a Tomato compatible router
  • a fixed ip address

Tomato is an alternative firmware for Broadcom-based routers like Linksys WRT54G/GL/GS and others.

If you have Tomato installed:

    Configure router:
  1. connect to your router and log in
  2. Go to Administration - Admin Access

    3. in Section SSH Daemon:

  3. check : "Enable at Startup"
  4. check: "Remote Access"
  5. choose a port - (this port be used from outside - you might want to use a port which differs from ssh - default)

    6. There are two ways to access from outside, with the routers admin name and password, or a generated SSH key. (for the latter see further down)

  6. check: "Allow Password Login" (make sure to choose a safe one!)
  7. Save Settings

To establish a remote desktop connection from outside the LAN: Start Putty

  1. Set up a SSH connection to your computer: [your IP-address] and the remote port you defined before
  2. Set up SSH port forwarding:
  • Source port: choose one - 6666
  • Destination: <local-ip of computer you want to connect to>:<port of service you want to connect to, e.g: 3389> - for remote desktop connection
  • local, auto: checked
  • -> Add

From now on you only have to open the SSH connection, and all communication going to e.g. 6666 will be forwarded to the LAN (You will have to enter the routers admin-username and password.)
You can open the remote desktop connection: connect to localhost: (e.g. 6666)

To improve security, you can use ssh keyfiles instead of the routers credentials.

  1. Start putty gen and generate a key
  2. copy the key to the clipboard , open the routers admin console and paste the key into the field: Authorized Keys, save changes
  3. store the key to a ppk file
  4. Open putty, go to Connection-SSH-Auth, and Browse-select the ppk file

    5. Now, when you open the previously stored SSH connection, enter the password for the SSH key

Submitted by Michael Kraxner on Tue, 11/16/2010 - 01:15