Paolo Molignini, PhD · Follow
10 min read · May 31, 2023
--
I’m a researcher in quantum physics and when I tell that to non-scientists or even to other scientists from different fields (e.g. biology), they often picture me at a blackboard solving complicated equations by hand. In reality, I spend most of my time running simulations on a computer, or trying to solve those complicated equations, yes, but with the help of a computer. Being involved in many different projects at the same time, computational power is often the bottleneck of my research. Too many equations to solve, too few computers to use. Therefore, getting my hands on as many computing devices as possible is crucial for my productivity.
I already run simulations on several supercomputing clusters which I can access remotely. Then there is my work laptop which I use at the office (and which I can bring with me if needed). I also own a couple of personal laptops, and it would be good to run calculations on them too. However, it is impractical to carry three laptops with me all the time, not to mention finding sockets to keep them charged all at once in the same room or switching keyboards and mouse all the time.
Luckily, there is a very practical solution to this: the secure shell protocol, or SSH in short. SSH allows you to safely connect to any remote device by knowing their hostname or IP address. If you have done calculations on computing clusters before, you should be very familiar with the SSH protocol. In this article, I will show you how you can use SSH to connect to your personal laptop(s), too. For simplicity, I will only focus on Mac OS systems, since that’s what I use, but you can use SSH to connect to all the other platforms too.
If you’re in a rush, just skip to the very last section where I give a brief summary of all the steps needed to set up the ssh connection.
Enable remote login
The first thing you need to do is to enable your laptop to receive remote connections. All modern Macs come with SSH pre-installed, but the SSH daemon to receive external connections is disabled by default and needs to activated. In a MacBook, you do so by clicking on the Apple logo -> System Preferences -> Sharing and then ticking the box “Remote login”, as shown in the pictures below. You can additionally specify whether all users or only some are allowed to login remotely. You will likely need to have administrator privileges to make this change.
Note that in some earlier OS versions (specifically macOS Catalina), I encountered a bug in which after ticking remote login, the activation hangs on forever. After a quick internet search, I discovered that this a bug tied to a security update performed in 2022 (see this thread). Luckily, you can fix it by typing the following command in your terminal:
Make your internal IP static
To do to guarantee a reliable connection to your home laptop from a remote location you also need to make the local IP address assigned to your device static. Whenever you connect a device to your home network, it will get assigned a sequence of four 3-digit numbers (more precisely a 32-bit number) known as an internal IP address that allows communication between your device and your router. This is different than your public or external IP address that is assigned to your router by your internet service provider (ISP) and allows the outside world to connect with you. In a sense, the external IP address is equivalent to a phone number, and the internal IP addresses are similar to phone extensions to additionally redirect the call to a more precise location in your home.
The router also has its own internal IP address, typically 192.168.1.1 or 192.168.0.1. If you type this IP in your web browser, you should be prompted to the router settings and you should be able to configure your internet connection — more on that later.
Your device inherits a slightly modified version of the router IP address, usually 192.168.1.XXX or 192.168.0.XXX, where XXX is a number from 0 to 255. By default the internal IP address of your device is assigned dynamically. Let’s say you go on vacation and take your laptop with you. Your laptop will then disconnect from the local network and its internal IP address will be freed up for other devices to take. Once you come back, your laptop will have to log in again. The router will then assign it a new internal IP address and generally this might not be the same as the old one.
Dynamical IP address guarantee a lot of flexibility, but they are a problem if you want to be able to connect to your device remotely, because you would need to constantly verify and update the dynamically allocated IP address. Luckily, you can fix the internal IP address of a device to be static, i.e. to never change its value. As we shall see later, this then allows us to forward any incoming external connection from the router to the given device by configuring port forwarding to its static IP.
There are several ways to make the internal IP address static. Some routers allow you to manually configure the IP addresses of all the connected devices. If that’s the case for your router, you can do so by going to 192.168.1.1 or 192.168.0.1 in your web browser and manually set the internal IP address of the device in question. If you don’t have this option, you can also configure the internal IP address manually on your laptop. On a MacBook, for instance, you should navigate to your network preferences, selecting your Wi-Fi connection and clicking on the “Advanced…” button (see picture below).
Once you are in the Advanced option window, click on the TCP/IP tab and for the Configure IPv4 option select “Using DHCP with manual address”. IPv4 refers to the version of the internet protocol (the 32-bit one) and DHCP stands for dynamic host configuration protocol. Then you need to provide a value for the IPv4 address. For simplicity, keep the first three digits equal to the ones of the router (e.g. 192.168.1) and then choose a value between 0 and 255 for the last digit. Done! Your laptop will now maintain the same internal IP address.
Configure port forwarding
The main step that you need to take in setting up a remote ssh connection to your laptop is to configure port forwarding. A port is a number (yes, another one!) assigned to uniquely identify a connection endpoint and to direct data to specific applications. Having ports thus allows separate communication sessions initiated by different applications to happen simultaneously.
For TCP and UDP (the internet data transport protocols), port numbers range from 0 to 65535, i.e. they are a 16-bit integer. The port numbers lower than 1024 are reserved (see this page for a comprehensive list). For instance, SSH is by default associated with port 22. However, you can also use it to connect to other higher-numbered ports if you want to. The reverse is not true. For instance, you should not (and cannot) use the MineCraft server to connect to port 22 because it is reserved for SSH only.
In essence, with ports you can steer any incoming connection. Ports are typically associated with a particular software, but we can also configure the router to forward the incoming traffic from a given port to a selected device. This is usually done at the level of the router configuration. Let’s see how this is done.
Navigate to your router IP (e.g. for me that’s 192.168.1.1). Login by providing username and password. This should’ve been given to you by your ISP. If they haven’t given you a specific login, then the username is likely “admin” and the password is either “admin” or the Wi-Fi password itself. Once you are into the router configuration page, locate the “port forwarding” section. There, you should see a page where you should be able to input the port number, the internal IP address of your laptop etc. It should look something like the screenshot below (I use an icotera i4880, but your router might have a different interface).
You will need to fill out the following information for each port forwarding you want to set up:
- Name: give a name to your port forwarding such that you can easily remember which device they refer to.
- Protocols: here you can choose which transport protocols the port forwarding applies to, UDP or TCP. If you have the option “both”, you should select this.
- External Ports: here you will specify which ports will be listened to when forwarding incoming connections. If you only have one device to remotely connect to via SSH you can keep the standard port 22. However, if you want to set up multiple connections you should give separate port numbers for each (and recall they should be higher than 1024). In my case, I chose 2222 and 2223.
- Internal IP: provide the internal IP address of every device you want to port forward to. Remember that they need to be static (see above).
- Internal port: this is the internal port of the device you’re forwarding to and it should be 22 for the SSH protocol.
- Enabled: finally, remember to enable the port forwarding, save the changes, and update the settings (the page will likely need to be refreshed).
Modify the sshd_config file
The last step you need to take to enable SSH connection to function properly is to make sure that SSH allows remote hosts to forwarded ports. This function is disabled by default. To enable it, you should open the sshd_config file and make sure that it contains a line with “GatewayPorts yes”. On a Mac, the configuration file should be located in the folder /private/etc/ssh/ (on Linux it should be simply /etc/ssh/). The configuration file will probably be saved in read-only mode, so you need to modify it by accessing it with superuser privileges. If you use vim as your file editor, the syntax is
sudo vim sshd_config
You will prompted to type in your password, and afterward you can modify the file to include GatewayPorts yes.
Find out your external IP address
Now that you have set up port forwarding and enabled all the features required for the SSH connection, you just need to find out what is your external IP. There is many ways to do so, but the easiest is probably just going to https://www.whatismyip.com and copying the number that appears on the page. It should again be a 32-bit number in the format XXX.XXX.XXX.XXX.
Note that your external IP address might change in time (although it’s typically the same for months on end), so you need to make sure you have the updated IP whenever you leave home and want to connect remotely. If you don’t want to double check every time, you can also set up a DDNS (dynamic domain name system) service. This is a publicly accessible third-party server that’s generally open for anyone on the internet to access and update. Setting up an external DNS allows you to use a static hostname (e.g. example.com) instead of a mutable IP address when you connect remotely to your laptop. There are both paid and free services offering this, and if you want to know more you can have a read here.
Test your SSH connection
You’re all set! Now you can try to connect to your laptop remotely. If you have a VPN software, you can even do a test locally. Turn on the VPN on one machine, open the terminal, and type:
ssh -p PORTNUMBER username@external_IP_or_hostname
For me, for example, that command would look something like this:
ssh -p 2222 [email protected]
The flag -p specifies the port you are trying to connect to. If it’s not given, it will try to connect to port 22 by default. After connecting you will be asked to trust the SSH certificate of the host and to add it to your database (type yes). Then you will need to write the password of your local laptop and boom! you’re in. You can now freely browse around your home computer from any location around the world!
Summary
Here is a quick summary of all the steps we took to enable remote SSH connection to our home computer:
- Enable remote login in System Preferences -> Shared.
- Make your internal IP address static in Network Preferences.
- Set up port forwarding on your local router.
- Add “GatewayPort yes” to your sshd_config file.
- Find out your external IP address.
- ssh -p PORTNUMBER username@external_IP_or_hostname
I hope being able to connect remotely to your home computer will be useful to you and will increase your productivity!
