Access to your Home Server from anywhere with SSH and DuckDNS

3 Comments / Docker, Linux / By


This is a simple tutorial to make a permanent link to your home server without having a static public IP. We are going to use DuckDNS as our DynDNS on Docker and install SSH to access.
In this tutorial I’m going to be using Ubuntu 20.04 LTS, you can check your OS with:

$ cat /etc/os-release
$ lsb_release -a
$ hostnamectl

If you want to check your kernel version:

$ uname -r

Next we are going to update the system and install ssh:

$ sudo apt update -y && apt upgrade -y
$ sudo apt install openssh-server -y

After install OpenSSH server, I highly recommend changing the port that ssh use, the default it’s 22. We can avoid this step but in the fail2ban server tutorial we can check in this blog, we can find that many attacks are direct to this default server, so if we change it, it will be a little more complex for the attackers to find out the correct port.

To do this, we are just going to edit the OpenSSH config file:

$ sudo nano /etc/ssh/sshd_config

We need to find the line that says:

#Port 22

Delete the “#” and change the number to, for example:

Port 40004

You can use a port in the range of 1 to 65535 but no any number, there are some dedicated ports you can change it but this I could cause trouble in your server. Here is the list of dedicated ports.

Firewall

Now we are going to need to open the port to connect to our server from internet. If you don’t change the default port, you have to use the following command to enable ssh:

$ sudo ufw allow ssh

UFW is the Ubuntu’s default firewall, with this we enable the ssh traffic.
If you change the default port, we are going to need to open the especific port, so we are going to type:

$ sudo ufw allow 40004/tcp

Then we can’t check the UFW rules status with:

$ sudo ufw status

Testing local connection

Now we can test if the local connection work, to then open it to the world. Now we need to test our ssh server with other pc or phone in the same local network. From Mac, Linux or Windows (also terminal app for iOS/android) we can make a test from the terminal typing:

$ ssh "username"@"ip or domain name" -p "port"
example
$ ssh [email protected] -p 40004

If everything is okay, the terminal is going to tell us if we are sure to continuing connecting, we type yes, and then it’s going to ask us for our password. If everything is fine, we can now access to our home server remotely. Now It’s when the fun begins, we are going to open our server to the world with DuckDNS on Docker.

Open router port

We also are going to need to open our home router port, this is going to change depends on our model, you need to find out how to open the port in your specific model. I’m using a Mikrotik WebConfig, so we need to go to IP>Firewall>Add New, and set up the Chain as “forward”, Protocol “TCP”, Destination Port (in this case) 40004 and the Action “accept”

DuckDNS on Docker

When we contract an ISP, they gave us a dynamic IP, most connections to the internet are through a dynamic external IP address which changes quite often (weekly or even daily). This can make it very difficult to connect to home services from an external computer. Duck DNS is a provider of what is known as a DDNS (Dynamic DNS), periodically, the computer running the client, tells DuckDNS central system (via HTTPS post), to update the record with its latest external IP.

The first thing to do is make an account or log in on DuckDNS website and create a free domain.

DuckDNS website

After that, we need to edit our docker-compose file. The image we are going to use is linuxserver/duckdns, this is linuxserver GitHub.

version: '3.4'
services:

  duckdns:
    image: linuxserver/duckdns
    container_name: duckdns
    environment:
      - TZ=America/Argentina/Mendoza
      - SUBDOMAINS=blogmatiasm
      - TOKEN=01bffa9f-6350-47e5-92c0-b97854ad0701
      - LOG_FILE=false #optional
    restart: always

In SUBDOMAINS, we need to add the name we create previously on DuckDNS, and in TOKEN we set the token that we find on DuckDNS website.

And that’s all the configuration we need!, just reload docker compose and test your connection from internet:

$ docker-compose up -d
# From internet in a different computer/phone
$ ssh [email protected] -p 40004

Note: it could take some hours for your ISP DNS to refresh his domain, so be patience.

3 thoughts on “Access to your Home Server from anywhere with SSH and DuckDNS”

  1. Pingback: Nextcloud: your own Google Drive – the admin notes

  2. Pingback: VS Code on Docker: Set the powerful IDE and code from anywhere, even with your phone – the admin notes

  3. Pingback: Secure your site: Docker and Traefik for SSL domain deployment – the admin notes

Leave a Comment

Your email address will not be published. Required fields are marked *