Connect two computers with SSH in a home LAN

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP












2















I have two ubuntu computer shared the same wifi and desire to reach another from one's terminal.



First create an user on the second computer named "Second" and hostname "Algorithms"



Then tried to reach it from the other with SSH,
but get error report as



$ ssh second@Algorithms 
ssh: Could not resolve hostname algorithms: nodename nor servname provided, or not known


The solution I tried is based on networking - Reach other computer from the local - Ask Ubuntu



What's the problem with my experiment?










share|improve this question
























  • it prompt: ssh: connect to host algorithms.local port 22: Connection refuse @user68186

    – user10726006
    Jan 8 at 13:43











  • thank you. Your comment clicks with me. Could you please transmit the comment to answer. @user68186

    – user10726006
    Jan 8 at 15:00











  • I am writing an answer.

    – user68186
    Jan 8 at 15:06















2















I have two ubuntu computer shared the same wifi and desire to reach another from one's terminal.



First create an user on the second computer named "Second" and hostname "Algorithms"



Then tried to reach it from the other with SSH,
but get error report as



$ ssh second@Algorithms 
ssh: Could not resolve hostname algorithms: nodename nor servname provided, or not known


The solution I tried is based on networking - Reach other computer from the local - Ask Ubuntu



What's the problem with my experiment?










share|improve this question
























  • it prompt: ssh: connect to host algorithms.local port 22: Connection refuse @user68186

    – user10726006
    Jan 8 at 13:43











  • thank you. Your comment clicks with me. Could you please transmit the comment to answer. @user68186

    – user10726006
    Jan 8 at 15:00











  • I am writing an answer.

    – user68186
    Jan 8 at 15:06













2












2








2








I have two ubuntu computer shared the same wifi and desire to reach another from one's terminal.



First create an user on the second computer named "Second" and hostname "Algorithms"



Then tried to reach it from the other with SSH,
but get error report as



$ ssh second@Algorithms 
ssh: Could not resolve hostname algorithms: nodename nor servname provided, or not known


The solution I tried is based on networking - Reach other computer from the local - Ask Ubuntu



What's the problem with my experiment?










share|improve this question
















I have two ubuntu computer shared the same wifi and desire to reach another from one's terminal.



First create an user on the second computer named "Second" and hostname "Algorithms"



Then tried to reach it from the other with SSH,
but get error report as



$ ssh second@Algorithms 
ssh: Could not resolve hostname algorithms: nodename nor servname provided, or not known


The solution I tried is based on networking - Reach other computer from the local - Ask Ubuntu



What's the problem with my experiment?







networking






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Jan 8 at 14:33









user68186

15.5k84667




15.5k84667










asked Jan 8 at 13:28









user10726006user10726006

903




903












  • it prompt: ssh: connect to host algorithms.local port 22: Connection refuse @user68186

    – user10726006
    Jan 8 at 13:43











  • thank you. Your comment clicks with me. Could you please transmit the comment to answer. @user68186

    – user10726006
    Jan 8 at 15:00











  • I am writing an answer.

    – user68186
    Jan 8 at 15:06

















  • it prompt: ssh: connect to host algorithms.local port 22: Connection refuse @user68186

    – user10726006
    Jan 8 at 13:43











  • thank you. Your comment clicks with me. Could you please transmit the comment to answer. @user68186

    – user10726006
    Jan 8 at 15:00











  • I am writing an answer.

    – user68186
    Jan 8 at 15:06
















it prompt: ssh: connect to host algorithms.local port 22: Connection refuse @user68186

– user10726006
Jan 8 at 13:43





it prompt: ssh: connect to host algorithms.local port 22: Connection refuse @user68186

– user10726006
Jan 8 at 13:43













thank you. Your comment clicks with me. Could you please transmit the comment to answer. @user68186

– user10726006
Jan 8 at 15:00





thank you. Your comment clicks with me. Could you please transmit the comment to answer. @user68186

– user10726006
Jan 8 at 15:00













I am writing an answer.

– user68186
Jan 8 at 15:06





I am writing an answer.

– user68186
Jan 8 at 15:06










3 Answers
3






active

oldest

votes


















9















ssh within a home Local Area Network (LAN)



I assume there are two users each with their own computers running Ubuntu.




  • user1 uses comp1 and


  • user2 uses comp2.

The goal is for user1 to remotely access comp2 using user2's account in comp2.



Note: If user1 has an account in comp2 and user1 wishes to access her account in comp2 from comp1 then she she does not have to specify the username in the ssh command. ssh comp2.local will work.



Setup ssh server in comp2



For this you will need to physically go to comp2 and login to it using an account with administration privileges. I assume that is, user2 account.



Install the ssh server



Desktop Ubuntu does not come with any servers. To ssh into comp2 you will first need to install the openssh-server. Open a terminal in comp2 by pressing Ctrl+Alt+T and enter the following lines one at a time:



sudo apt update
sudo apt install openssh-server


You will be asked for user2's password. When you type the password the cursor will not move and it will seem like nothing is happening. This is normal. Hit Enter after typing the password. Then follow the instructions.



Once openssh-server is installed you will see a new options in Settings under sharing called "RemoteLogin" and it will be "On":



enter image description here



The standard Ubuntu desktop does not come with any firewalls installed. If you have a firewall installed then make sure it allows connections to port 22 from within the LAN. The instructions will depend on the specific firewall software.



Test ssh locally



Still at the terminal of comp2 test that ssh is working. Enter the command:



ssh 127.0.0.1


The 127.0.0.1 refers to the IP address of the computer you are using. In other words, you are trying to ssh from comp2 to comp2. If all goes well you will be asked if you are sure you want to connect and then for your password. Once you answer yes for being sure and enter the password for user2 you will see the terminal prompt change from user2@comp2$ to user2@127.0.0.1$. This shows that you have successfully sshed from comp2 to itself.



Note: Since the same user (user2) is ssh-ing in this case, you don't need to specify ssh user2@127.0.0.1 in the ssh command.




ssh from comp1



To ssh from comp1 to comp2 you can either use the computer name (hostname) or its IP address. To find the IP address of comp2 use the ifconfig command in the terminal of comp2. You will see an address like 192.168.x.y, where x can be 0 or 1 and y can be any number between 2 and 255.



Form a terminal in comp1 enter either:



ssh user2@comp2.local


or



ssh user2@192.168.x.y


Note: If you use the name of the computer then you must add .local at the end. If you use the local IP address, it may change from time to time if a fixed address is not assigned.



Security concerns



  1. Router setup

  2. Enable public key based authentication and disable password based authentication.

  3. Install and configure a firewall

1. Router setup



Make sure port 22 is not forwarded to any computers in the home router. This will prevent anyone from outside the home LAN use ssh to connect to the home computers.



The instructions are router specific and beyond the scope of this answer as it has nothing to do with Ubuntu.



2. Enable public key based authentication and disable password based authentication



This is more secure way to use ssh. It uses a private-public key pair. The private key remains in the trusted computer from which the ssh connection is made. In this case comp1. The public key goes to comp2. Once the keys are in place, you will disable password based authentication in the ssh server in comp2. If you disable password based authentication without making sure the key based authentication is working, then ssh will not work, as there will be no way to authenticate the remote user.



First generate the private-public key pair in the user1@comp1. This will need to be done at each user and each local computer from where you ssh to another computer. In a terminal enter:



ssh-keygen -t rsa -b 4096


The process will prompt you for a passphrase. You can hit enter if you don't want one. If you do enter a passphrase, you will be asked for it every time you ssh from comp1 to comp2. If you use a passphrase it should not be same as the password used for normal login.



Next you will need to copy the public key from comp1 to comp2. In the terminal in comp1 enter:



ssh-copy-id user2@comp2.local


You will be asked to enter the login password of user2 in comp2. If you have other computers in the home LAN you want to ssh to from the user1@comp1 then you need not create a new key-pair. Copy the public key of user1@comp1 to the other user accounts in the other remote computers using the above command.



Once the public key is successfully copied to the user2 account of comp2 try to ssh again:



ssh user2@comp2.local


Now you should be able to get into comp2 without user2's password. At this point one can either use the password or the public key you generated to log in. You can test this by creating a new user (or with an existing second user) in comp1, such as user1a. At this stage user1@comp1 will be able to ssh to user2@comp2 without password using the public key. On the other hand user1a@comp1 will be able to ssh to user2@comp2 will need to use the password of user2.



The next step is to disable the password based authentication. You may want to do this locally in a terminal of comp2. Use the following command to edit /etc/ssh/sshd_config



sudo nano /etc/ssh/sshd_config



Then make sure it contains the following lines and they are uncommented:



PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no


Note these lines may not be together. "Uncommented" means there is no # in front of each of these lines.



Use Ctrl+W to save the changes and Ctrl+X to exit the editor.



Finally, restart the ssh server with the new settings by the following command:



sudo systemctl restart ssh


Now user1@comp1 will still be able to ssh to user2@comp2 without password using the public key. On the other hand user1a@comp1 will get permission denied to ssh to user2@comp2.



3. Install and configure a firewall



There are many firewall software, and some of them are hard to configure. I suggest you install the "uncomplicated firewall" called ufw by the command:



sudo apt install ufw


To open the port 22 but only from within the home LAN use the command:



sudo ufw allow from 192.168.x.0/24 to any port 22 


Note: replace x with either 0 or 1 based on your router setup.



This firewall setting in comp2 stops anyone from outside the home LAN use ssh to connect to comp2. However, it allows anyone (using any computer) within the home LAN try to ssh into comp2. If comp2 is removed from home and taken somewhere else and connected to another "similar" network, say by WiFi, all the computers in that network will be allowed to access port 22 of comp2 by this firewall setting. For this reason I recommend password based authentication to be disabled and private-public key based authentication be used in all computers running the ssh server.



Hope this helps






share|improve this answer




















  • 1





    +1 but I have three laptops. Suggest changing "desktop computers" to "machines" for broader audience.

    – WinEunuuchs2Unix
    Jan 9 at 0:10











  • @WinEunuuchs2Unix Thanks for pointing this out. I have edited the text and removed "desktop". I prefer "computers" to "machine". I have also mentioned the OS (Ubuntu) to make it clear that it is not Windows to Ubuntu or Ubuntu to Windows kind of answer. On second thought, The answer works for Windows with WSL or native ssh client as well.

    – user68186
    Jan 9 at 15:52











  • appreciate it very much your elaborate instruction. What do you mean "Make sure port 22 is not forwarded to any computers in the home router." the forward here is the forward in "forward an email"

    – user10726006
    Jan 10 at 2:44











  • @user10726006 Thanks for the appreciation. Feel free to up-vote if not done so already. The "port forwarding" is slightly different from forwarding an email. It is in the router settings. You will have to Google it to know more.

    – user68186
    Jan 10 at 14:02


















1














Maybe try to ssh via IP not hostname?



You can check ip using ifconfig






share|improve this answer






























    0














    Add a string to your /etc/hosts file like this:



    <IP_ADDRESS_OF_YOUR_ALGORITHMS_HOST> algorithms


    For example:



    192.168.168.168 algorithms


    Save /etc/hosts and try connecting again.



    Anyway, as a quick solution, you can always connect directly via IP address:



    ssh second@192.168.168.168





    share|improve this answer






















      Your Answer








      StackExchange.ready(function()
      var channelOptions =
      tags: "".split(" "),
      id: "89"
      ;
      initTagRenderer("".split(" "), "".split(" "), channelOptions);

      StackExchange.using("externalEditor", function()
      // Have to fire editor after snippets, if snippets enabled
      if (StackExchange.settings.snippets.snippetsEnabled)
      StackExchange.using("snippets", function()
      createEditor();
      );

      else
      createEditor();

      );

      function createEditor()
      StackExchange.prepareEditor(
      heartbeatType: 'answer',
      autoActivateHeartbeat: false,
      convertImagesToLinks: true,
      noModals: true,
      showLowRepImageUploadWarning: true,
      reputationToPostImages: 10,
      bindNavPrevention: true,
      postfix: "",
      imageUploader:
      brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
      contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
      allowUrls: true
      ,
      onDemand: true,
      discardSelector: ".discard-answer"
      ,immediatelyShowMarkdownHelp:true
      );



      );













      draft saved

      draft discarded


















      StackExchange.ready(
      function ()
      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1107987%2fconnect-two-computers-with-ssh-in-a-home-lan%23new-answer', 'question_page');

      );

      Post as a guest















      Required, but never shown

























      3 Answers
      3






      active

      oldest

      votes








      3 Answers
      3






      active

      oldest

      votes









      active

      oldest

      votes






      active

      oldest

      votes









      9















      ssh within a home Local Area Network (LAN)



      I assume there are two users each with their own computers running Ubuntu.




      • user1 uses comp1 and


      • user2 uses comp2.

      The goal is for user1 to remotely access comp2 using user2's account in comp2.



      Note: If user1 has an account in comp2 and user1 wishes to access her account in comp2 from comp1 then she she does not have to specify the username in the ssh command. ssh comp2.local will work.



      Setup ssh server in comp2



      For this you will need to physically go to comp2 and login to it using an account with administration privileges. I assume that is, user2 account.



      Install the ssh server



      Desktop Ubuntu does not come with any servers. To ssh into comp2 you will first need to install the openssh-server. Open a terminal in comp2 by pressing Ctrl+Alt+T and enter the following lines one at a time:



      sudo apt update
      sudo apt install openssh-server


      You will be asked for user2's password. When you type the password the cursor will not move and it will seem like nothing is happening. This is normal. Hit Enter after typing the password. Then follow the instructions.



      Once openssh-server is installed you will see a new options in Settings under sharing called "RemoteLogin" and it will be "On":



      enter image description here



      The standard Ubuntu desktop does not come with any firewalls installed. If you have a firewall installed then make sure it allows connections to port 22 from within the LAN. The instructions will depend on the specific firewall software.



      Test ssh locally



      Still at the terminal of comp2 test that ssh is working. Enter the command:



      ssh 127.0.0.1


      The 127.0.0.1 refers to the IP address of the computer you are using. In other words, you are trying to ssh from comp2 to comp2. If all goes well you will be asked if you are sure you want to connect and then for your password. Once you answer yes for being sure and enter the password for user2 you will see the terminal prompt change from user2@comp2$ to user2@127.0.0.1$. This shows that you have successfully sshed from comp2 to itself.



      Note: Since the same user (user2) is ssh-ing in this case, you don't need to specify ssh user2@127.0.0.1 in the ssh command.




      ssh from comp1



      To ssh from comp1 to comp2 you can either use the computer name (hostname) or its IP address. To find the IP address of comp2 use the ifconfig command in the terminal of comp2. You will see an address like 192.168.x.y, where x can be 0 or 1 and y can be any number between 2 and 255.



      Form a terminal in comp1 enter either:



      ssh user2@comp2.local


      or



      ssh user2@192.168.x.y


      Note: If you use the name of the computer then you must add .local at the end. If you use the local IP address, it may change from time to time if a fixed address is not assigned.



      Security concerns



      1. Router setup

      2. Enable public key based authentication and disable password based authentication.

      3. Install and configure a firewall

      1. Router setup



      Make sure port 22 is not forwarded to any computers in the home router. This will prevent anyone from outside the home LAN use ssh to connect to the home computers.



      The instructions are router specific and beyond the scope of this answer as it has nothing to do with Ubuntu.



      2. Enable public key based authentication and disable password based authentication



      This is more secure way to use ssh. It uses a private-public key pair. The private key remains in the trusted computer from which the ssh connection is made. In this case comp1. The public key goes to comp2. Once the keys are in place, you will disable password based authentication in the ssh server in comp2. If you disable password based authentication without making sure the key based authentication is working, then ssh will not work, as there will be no way to authenticate the remote user.



      First generate the private-public key pair in the user1@comp1. This will need to be done at each user and each local computer from where you ssh to another computer. In a terminal enter:



      ssh-keygen -t rsa -b 4096


      The process will prompt you for a passphrase. You can hit enter if you don't want one. If you do enter a passphrase, you will be asked for it every time you ssh from comp1 to comp2. If you use a passphrase it should not be same as the password used for normal login.



      Next you will need to copy the public key from comp1 to comp2. In the terminal in comp1 enter:



      ssh-copy-id user2@comp2.local


      You will be asked to enter the login password of user2 in comp2. If you have other computers in the home LAN you want to ssh to from the user1@comp1 then you need not create a new key-pair. Copy the public key of user1@comp1 to the other user accounts in the other remote computers using the above command.



      Once the public key is successfully copied to the user2 account of comp2 try to ssh again:



      ssh user2@comp2.local


      Now you should be able to get into comp2 without user2's password. At this point one can either use the password or the public key you generated to log in. You can test this by creating a new user (or with an existing second user) in comp1, such as user1a. At this stage user1@comp1 will be able to ssh to user2@comp2 without password using the public key. On the other hand user1a@comp1 will be able to ssh to user2@comp2 will need to use the password of user2.



      The next step is to disable the password based authentication. You may want to do this locally in a terminal of comp2. Use the following command to edit /etc/ssh/sshd_config



      sudo nano /etc/ssh/sshd_config



      Then make sure it contains the following lines and they are uncommented:



      PasswordAuthentication no
      ChallengeResponseAuthentication no
      UsePAM no


      Note these lines may not be together. "Uncommented" means there is no # in front of each of these lines.



      Use Ctrl+W to save the changes and Ctrl+X to exit the editor.



      Finally, restart the ssh server with the new settings by the following command:



      sudo systemctl restart ssh


      Now user1@comp1 will still be able to ssh to user2@comp2 without password using the public key. On the other hand user1a@comp1 will get permission denied to ssh to user2@comp2.



      3. Install and configure a firewall



      There are many firewall software, and some of them are hard to configure. I suggest you install the "uncomplicated firewall" called ufw by the command:



      sudo apt install ufw


      To open the port 22 but only from within the home LAN use the command:



      sudo ufw allow from 192.168.x.0/24 to any port 22 


      Note: replace x with either 0 or 1 based on your router setup.



      This firewall setting in comp2 stops anyone from outside the home LAN use ssh to connect to comp2. However, it allows anyone (using any computer) within the home LAN try to ssh into comp2. If comp2 is removed from home and taken somewhere else and connected to another "similar" network, say by WiFi, all the computers in that network will be allowed to access port 22 of comp2 by this firewall setting. For this reason I recommend password based authentication to be disabled and private-public key based authentication be used in all computers running the ssh server.



      Hope this helps






      share|improve this answer




















      • 1





        +1 but I have three laptops. Suggest changing "desktop computers" to "machines" for broader audience.

        – WinEunuuchs2Unix
        Jan 9 at 0:10











      • @WinEunuuchs2Unix Thanks for pointing this out. I have edited the text and removed "desktop". I prefer "computers" to "machine". I have also mentioned the OS (Ubuntu) to make it clear that it is not Windows to Ubuntu or Ubuntu to Windows kind of answer. On second thought, The answer works for Windows with WSL or native ssh client as well.

        – user68186
        Jan 9 at 15:52











      • appreciate it very much your elaborate instruction. What do you mean "Make sure port 22 is not forwarded to any computers in the home router." the forward here is the forward in "forward an email"

        – user10726006
        Jan 10 at 2:44











      • @user10726006 Thanks for the appreciation. Feel free to up-vote if not done so already. The "port forwarding" is slightly different from forwarding an email. It is in the router settings. You will have to Google it to know more.

        – user68186
        Jan 10 at 14:02















      9















      ssh within a home Local Area Network (LAN)



      I assume there are two users each with their own computers running Ubuntu.




      • user1 uses comp1 and


      • user2 uses comp2.

      The goal is for user1 to remotely access comp2 using user2's account in comp2.



      Note: If user1 has an account in comp2 and user1 wishes to access her account in comp2 from comp1 then she she does not have to specify the username in the ssh command. ssh comp2.local will work.



      Setup ssh server in comp2



      For this you will need to physically go to comp2 and login to it using an account with administration privileges. I assume that is, user2 account.



      Install the ssh server



      Desktop Ubuntu does not come with any servers. To ssh into comp2 you will first need to install the openssh-server. Open a terminal in comp2 by pressing Ctrl+Alt+T and enter the following lines one at a time:



      sudo apt update
      sudo apt install openssh-server


      You will be asked for user2's password. When you type the password the cursor will not move and it will seem like nothing is happening. This is normal. Hit Enter after typing the password. Then follow the instructions.



      Once openssh-server is installed you will see a new options in Settings under sharing called "RemoteLogin" and it will be "On":



      enter image description here



      The standard Ubuntu desktop does not come with any firewalls installed. If you have a firewall installed then make sure it allows connections to port 22 from within the LAN. The instructions will depend on the specific firewall software.



      Test ssh locally



      Still at the terminal of comp2 test that ssh is working. Enter the command:



      ssh 127.0.0.1


      The 127.0.0.1 refers to the IP address of the computer you are using. In other words, you are trying to ssh from comp2 to comp2. If all goes well you will be asked if you are sure you want to connect and then for your password. Once you answer yes for being sure and enter the password for user2 you will see the terminal prompt change from user2@comp2$ to user2@127.0.0.1$. This shows that you have successfully sshed from comp2 to itself.



      Note: Since the same user (user2) is ssh-ing in this case, you don't need to specify ssh user2@127.0.0.1 in the ssh command.




      ssh from comp1



      To ssh from comp1 to comp2 you can either use the computer name (hostname) or its IP address. To find the IP address of comp2 use the ifconfig command in the terminal of comp2. You will see an address like 192.168.x.y, where x can be 0 or 1 and y can be any number between 2 and 255.



      Form a terminal in comp1 enter either:



      ssh user2@comp2.local


      or



      ssh user2@192.168.x.y


      Note: If you use the name of the computer then you must add .local at the end. If you use the local IP address, it may change from time to time if a fixed address is not assigned.



      Security concerns



      1. Router setup

      2. Enable public key based authentication and disable password based authentication.

      3. Install and configure a firewall

      1. Router setup



      Make sure port 22 is not forwarded to any computers in the home router. This will prevent anyone from outside the home LAN use ssh to connect to the home computers.



      The instructions are router specific and beyond the scope of this answer as it has nothing to do with Ubuntu.



      2. Enable public key based authentication and disable password based authentication



      This is more secure way to use ssh. It uses a private-public key pair. The private key remains in the trusted computer from which the ssh connection is made. In this case comp1. The public key goes to comp2. Once the keys are in place, you will disable password based authentication in the ssh server in comp2. If you disable password based authentication without making sure the key based authentication is working, then ssh will not work, as there will be no way to authenticate the remote user.



      First generate the private-public key pair in the user1@comp1. This will need to be done at each user and each local computer from where you ssh to another computer. In a terminal enter:



      ssh-keygen -t rsa -b 4096


      The process will prompt you for a passphrase. You can hit enter if you don't want one. If you do enter a passphrase, you will be asked for it every time you ssh from comp1 to comp2. If you use a passphrase it should not be same as the password used for normal login.



      Next you will need to copy the public key from comp1 to comp2. In the terminal in comp1 enter:



      ssh-copy-id user2@comp2.local


      You will be asked to enter the login password of user2 in comp2. If you have other computers in the home LAN you want to ssh to from the user1@comp1 then you need not create a new key-pair. Copy the public key of user1@comp1 to the other user accounts in the other remote computers using the above command.



      Once the public key is successfully copied to the user2 account of comp2 try to ssh again:



      ssh user2@comp2.local


      Now you should be able to get into comp2 without user2's password. At this point one can either use the password or the public key you generated to log in. You can test this by creating a new user (or with an existing second user) in comp1, such as user1a. At this stage user1@comp1 will be able to ssh to user2@comp2 without password using the public key. On the other hand user1a@comp1 will be able to ssh to user2@comp2 will need to use the password of user2.



      The next step is to disable the password based authentication. You may want to do this locally in a terminal of comp2. Use the following command to edit /etc/ssh/sshd_config



      sudo nano /etc/ssh/sshd_config



      Then make sure it contains the following lines and they are uncommented:



      PasswordAuthentication no
      ChallengeResponseAuthentication no
      UsePAM no


      Note these lines may not be together. "Uncommented" means there is no # in front of each of these lines.



      Use Ctrl+W to save the changes and Ctrl+X to exit the editor.



      Finally, restart the ssh server with the new settings by the following command:



      sudo systemctl restart ssh


      Now user1@comp1 will still be able to ssh to user2@comp2 without password using the public key. On the other hand user1a@comp1 will get permission denied to ssh to user2@comp2.



      3. Install and configure a firewall



      There are many firewall software, and some of them are hard to configure. I suggest you install the "uncomplicated firewall" called ufw by the command:



      sudo apt install ufw


      To open the port 22 but only from within the home LAN use the command:



      sudo ufw allow from 192.168.x.0/24 to any port 22 


      Note: replace x with either 0 or 1 based on your router setup.



      This firewall setting in comp2 stops anyone from outside the home LAN use ssh to connect to comp2. However, it allows anyone (using any computer) within the home LAN try to ssh into comp2. If comp2 is removed from home and taken somewhere else and connected to another "similar" network, say by WiFi, all the computers in that network will be allowed to access port 22 of comp2 by this firewall setting. For this reason I recommend password based authentication to be disabled and private-public key based authentication be used in all computers running the ssh server.



      Hope this helps






      share|improve this answer




















      • 1





        +1 but I have three laptops. Suggest changing "desktop computers" to "machines" for broader audience.

        – WinEunuuchs2Unix
        Jan 9 at 0:10











      • @WinEunuuchs2Unix Thanks for pointing this out. I have edited the text and removed "desktop". I prefer "computers" to "machine". I have also mentioned the OS (Ubuntu) to make it clear that it is not Windows to Ubuntu or Ubuntu to Windows kind of answer. On second thought, The answer works for Windows with WSL or native ssh client as well.

        – user68186
        Jan 9 at 15:52











      • appreciate it very much your elaborate instruction. What do you mean "Make sure port 22 is not forwarded to any computers in the home router." the forward here is the forward in "forward an email"

        – user10726006
        Jan 10 at 2:44











      • @user10726006 Thanks for the appreciation. Feel free to up-vote if not done so already. The "port forwarding" is slightly different from forwarding an email. It is in the router settings. You will have to Google it to know more.

        – user68186
        Jan 10 at 14:02













      9












      9








      9








      ssh within a home Local Area Network (LAN)



      I assume there are two users each with their own computers running Ubuntu.




      • user1 uses comp1 and


      • user2 uses comp2.

      The goal is for user1 to remotely access comp2 using user2's account in comp2.



      Note: If user1 has an account in comp2 and user1 wishes to access her account in comp2 from comp1 then she she does not have to specify the username in the ssh command. ssh comp2.local will work.



      Setup ssh server in comp2



      For this you will need to physically go to comp2 and login to it using an account with administration privileges. I assume that is, user2 account.



      Install the ssh server



      Desktop Ubuntu does not come with any servers. To ssh into comp2 you will first need to install the openssh-server. Open a terminal in comp2 by pressing Ctrl+Alt+T and enter the following lines one at a time:



      sudo apt update
      sudo apt install openssh-server


      You will be asked for user2's password. When you type the password the cursor will not move and it will seem like nothing is happening. This is normal. Hit Enter after typing the password. Then follow the instructions.



      Once openssh-server is installed you will see a new options in Settings under sharing called "RemoteLogin" and it will be "On":



      enter image description here



      The standard Ubuntu desktop does not come with any firewalls installed. If you have a firewall installed then make sure it allows connections to port 22 from within the LAN. The instructions will depend on the specific firewall software.



      Test ssh locally



      Still at the terminal of comp2 test that ssh is working. Enter the command:



      ssh 127.0.0.1


      The 127.0.0.1 refers to the IP address of the computer you are using. In other words, you are trying to ssh from comp2 to comp2. If all goes well you will be asked if you are sure you want to connect and then for your password. Once you answer yes for being sure and enter the password for user2 you will see the terminal prompt change from user2@comp2$ to user2@127.0.0.1$. This shows that you have successfully sshed from comp2 to itself.



      Note: Since the same user (user2) is ssh-ing in this case, you don't need to specify ssh user2@127.0.0.1 in the ssh command.




      ssh from comp1



      To ssh from comp1 to comp2 you can either use the computer name (hostname) or its IP address. To find the IP address of comp2 use the ifconfig command in the terminal of comp2. You will see an address like 192.168.x.y, where x can be 0 or 1 and y can be any number between 2 and 255.



      Form a terminal in comp1 enter either:



      ssh user2@comp2.local


      or



      ssh user2@192.168.x.y


      Note: If you use the name of the computer then you must add .local at the end. If you use the local IP address, it may change from time to time if a fixed address is not assigned.



      Security concerns



      1. Router setup

      2. Enable public key based authentication and disable password based authentication.

      3. Install and configure a firewall

      1. Router setup



      Make sure port 22 is not forwarded to any computers in the home router. This will prevent anyone from outside the home LAN use ssh to connect to the home computers.



      The instructions are router specific and beyond the scope of this answer as it has nothing to do with Ubuntu.



      2. Enable public key based authentication and disable password based authentication



      This is more secure way to use ssh. It uses a private-public key pair. The private key remains in the trusted computer from which the ssh connection is made. In this case comp1. The public key goes to comp2. Once the keys are in place, you will disable password based authentication in the ssh server in comp2. If you disable password based authentication without making sure the key based authentication is working, then ssh will not work, as there will be no way to authenticate the remote user.



      First generate the private-public key pair in the user1@comp1. This will need to be done at each user and each local computer from where you ssh to another computer. In a terminal enter:



      ssh-keygen -t rsa -b 4096


      The process will prompt you for a passphrase. You can hit enter if you don't want one. If you do enter a passphrase, you will be asked for it every time you ssh from comp1 to comp2. If you use a passphrase it should not be same as the password used for normal login.



      Next you will need to copy the public key from comp1 to comp2. In the terminal in comp1 enter:



      ssh-copy-id user2@comp2.local


      You will be asked to enter the login password of user2 in comp2. If you have other computers in the home LAN you want to ssh to from the user1@comp1 then you need not create a new key-pair. Copy the public key of user1@comp1 to the other user accounts in the other remote computers using the above command.



      Once the public key is successfully copied to the user2 account of comp2 try to ssh again:



      ssh user2@comp2.local


      Now you should be able to get into comp2 without user2's password. At this point one can either use the password or the public key you generated to log in. You can test this by creating a new user (or with an existing second user) in comp1, such as user1a. At this stage user1@comp1 will be able to ssh to user2@comp2 without password using the public key. On the other hand user1a@comp1 will be able to ssh to user2@comp2 will need to use the password of user2.



      The next step is to disable the password based authentication. You may want to do this locally in a terminal of comp2. Use the following command to edit /etc/ssh/sshd_config



      sudo nano /etc/ssh/sshd_config



      Then make sure it contains the following lines and they are uncommented:



      PasswordAuthentication no
      ChallengeResponseAuthentication no
      UsePAM no


      Note these lines may not be together. "Uncommented" means there is no # in front of each of these lines.



      Use Ctrl+W to save the changes and Ctrl+X to exit the editor.



      Finally, restart the ssh server with the new settings by the following command:



      sudo systemctl restart ssh


      Now user1@comp1 will still be able to ssh to user2@comp2 without password using the public key. On the other hand user1a@comp1 will get permission denied to ssh to user2@comp2.



      3. Install and configure a firewall



      There are many firewall software, and some of them are hard to configure. I suggest you install the "uncomplicated firewall" called ufw by the command:



      sudo apt install ufw


      To open the port 22 but only from within the home LAN use the command:



      sudo ufw allow from 192.168.x.0/24 to any port 22 


      Note: replace x with either 0 or 1 based on your router setup.



      This firewall setting in comp2 stops anyone from outside the home LAN use ssh to connect to comp2. However, it allows anyone (using any computer) within the home LAN try to ssh into comp2. If comp2 is removed from home and taken somewhere else and connected to another "similar" network, say by WiFi, all the computers in that network will be allowed to access port 22 of comp2 by this firewall setting. For this reason I recommend password based authentication to be disabled and private-public key based authentication be used in all computers running the ssh server.



      Hope this helps






      share|improve this answer
















      ssh within a home Local Area Network (LAN)



      I assume there are two users each with their own computers running Ubuntu.




      • user1 uses comp1 and


      • user2 uses comp2.

      The goal is for user1 to remotely access comp2 using user2's account in comp2.



      Note: If user1 has an account in comp2 and user1 wishes to access her account in comp2 from comp1 then she she does not have to specify the username in the ssh command. ssh comp2.local will work.



      Setup ssh server in comp2



      For this you will need to physically go to comp2 and login to it using an account with administration privileges. I assume that is, user2 account.



      Install the ssh server



      Desktop Ubuntu does not come with any servers. To ssh into comp2 you will first need to install the openssh-server. Open a terminal in comp2 by pressing Ctrl+Alt+T and enter the following lines one at a time:



      sudo apt update
      sudo apt install openssh-server


      You will be asked for user2's password. When you type the password the cursor will not move and it will seem like nothing is happening. This is normal. Hit Enter after typing the password. Then follow the instructions.



      Once openssh-server is installed you will see a new options in Settings under sharing called "RemoteLogin" and it will be "On":



      enter image description here



      The standard Ubuntu desktop does not come with any firewalls installed. If you have a firewall installed then make sure it allows connections to port 22 from within the LAN. The instructions will depend on the specific firewall software.



      Test ssh locally



      Still at the terminal of comp2 test that ssh is working. Enter the command:



      ssh 127.0.0.1


      The 127.0.0.1 refers to the IP address of the computer you are using. In other words, you are trying to ssh from comp2 to comp2. If all goes well you will be asked if you are sure you want to connect and then for your password. Once you answer yes for being sure and enter the password for user2 you will see the terminal prompt change from user2@comp2$ to user2@127.0.0.1$. This shows that you have successfully sshed from comp2 to itself.



      Note: Since the same user (user2) is ssh-ing in this case, you don't need to specify ssh user2@127.0.0.1 in the ssh command.




      ssh from comp1



      To ssh from comp1 to comp2 you can either use the computer name (hostname) or its IP address. To find the IP address of comp2 use the ifconfig command in the terminal of comp2. You will see an address like 192.168.x.y, where x can be 0 or 1 and y can be any number between 2 and 255.



      Form a terminal in comp1 enter either:



      ssh user2@comp2.local


      or



      ssh user2@192.168.x.y


      Note: If you use the name of the computer then you must add .local at the end. If you use the local IP address, it may change from time to time if a fixed address is not assigned.



      Security concerns



      1. Router setup

      2. Enable public key based authentication and disable password based authentication.

      3. Install and configure a firewall

      1. Router setup



      Make sure port 22 is not forwarded to any computers in the home router. This will prevent anyone from outside the home LAN use ssh to connect to the home computers.



      The instructions are router specific and beyond the scope of this answer as it has nothing to do with Ubuntu.



      2. Enable public key based authentication and disable password based authentication



      This is more secure way to use ssh. It uses a private-public key pair. The private key remains in the trusted computer from which the ssh connection is made. In this case comp1. The public key goes to comp2. Once the keys are in place, you will disable password based authentication in the ssh server in comp2. If you disable password based authentication without making sure the key based authentication is working, then ssh will not work, as there will be no way to authenticate the remote user.



      First generate the private-public key pair in the user1@comp1. This will need to be done at each user and each local computer from where you ssh to another computer. In a terminal enter:



      ssh-keygen -t rsa -b 4096


      The process will prompt you for a passphrase. You can hit enter if you don't want one. If you do enter a passphrase, you will be asked for it every time you ssh from comp1 to comp2. If you use a passphrase it should not be same as the password used for normal login.



      Next you will need to copy the public key from comp1 to comp2. In the terminal in comp1 enter:



      ssh-copy-id user2@comp2.local


      You will be asked to enter the login password of user2 in comp2. If you have other computers in the home LAN you want to ssh to from the user1@comp1 then you need not create a new key-pair. Copy the public key of user1@comp1 to the other user accounts in the other remote computers using the above command.



      Once the public key is successfully copied to the user2 account of comp2 try to ssh again:



      ssh user2@comp2.local


      Now you should be able to get into comp2 without user2's password. At this point one can either use the password or the public key you generated to log in. You can test this by creating a new user (or with an existing second user) in comp1, such as user1a. At this stage user1@comp1 will be able to ssh to user2@comp2 without password using the public key. On the other hand user1a@comp1 will be able to ssh to user2@comp2 will need to use the password of user2.



      The next step is to disable the password based authentication. You may want to do this locally in a terminal of comp2. Use the following command to edit /etc/ssh/sshd_config



      sudo nano /etc/ssh/sshd_config



      Then make sure it contains the following lines and they are uncommented:



      PasswordAuthentication no
      ChallengeResponseAuthentication no
      UsePAM no


      Note these lines may not be together. "Uncommented" means there is no # in front of each of these lines.



      Use Ctrl+W to save the changes and Ctrl+X to exit the editor.



      Finally, restart the ssh server with the new settings by the following command:



      sudo systemctl restart ssh


      Now user1@comp1 will still be able to ssh to user2@comp2 without password using the public key. On the other hand user1a@comp1 will get permission denied to ssh to user2@comp2.



      3. Install and configure a firewall



      There are many firewall software, and some of them are hard to configure. I suggest you install the "uncomplicated firewall" called ufw by the command:



      sudo apt install ufw


      To open the port 22 but only from within the home LAN use the command:



      sudo ufw allow from 192.168.x.0/24 to any port 22 


      Note: replace x with either 0 or 1 based on your router setup.



      This firewall setting in comp2 stops anyone from outside the home LAN use ssh to connect to comp2. However, it allows anyone (using any computer) within the home LAN try to ssh into comp2. If comp2 is removed from home and taken somewhere else and connected to another "similar" network, say by WiFi, all the computers in that network will be allowed to access port 22 of comp2 by this firewall setting. For this reason I recommend password based authentication to be disabled and private-public key based authentication be used in all computers running the ssh server.



      Hope this helps







      share|improve this answer














      share|improve this answer



      share|improve this answer








      edited Jan 9 at 15:47

























      answered Jan 8 at 16:15









      user68186user68186

      15.5k84667




      15.5k84667







      • 1





        +1 but I have three laptops. Suggest changing "desktop computers" to "machines" for broader audience.

        – WinEunuuchs2Unix
        Jan 9 at 0:10











      • @WinEunuuchs2Unix Thanks for pointing this out. I have edited the text and removed "desktop". I prefer "computers" to "machine". I have also mentioned the OS (Ubuntu) to make it clear that it is not Windows to Ubuntu or Ubuntu to Windows kind of answer. On second thought, The answer works for Windows with WSL or native ssh client as well.

        – user68186
        Jan 9 at 15:52











      • appreciate it very much your elaborate instruction. What do you mean "Make sure port 22 is not forwarded to any computers in the home router." the forward here is the forward in "forward an email"

        – user10726006
        Jan 10 at 2:44











      • @user10726006 Thanks for the appreciation. Feel free to up-vote if not done so already. The "port forwarding" is slightly different from forwarding an email. It is in the router settings. You will have to Google it to know more.

        – user68186
        Jan 10 at 14:02












      • 1





        +1 but I have three laptops. Suggest changing "desktop computers" to "machines" for broader audience.

        – WinEunuuchs2Unix
        Jan 9 at 0:10











      • @WinEunuuchs2Unix Thanks for pointing this out. I have edited the text and removed "desktop". I prefer "computers" to "machine". I have also mentioned the OS (Ubuntu) to make it clear that it is not Windows to Ubuntu or Ubuntu to Windows kind of answer. On second thought, The answer works for Windows with WSL or native ssh client as well.

        – user68186
        Jan 9 at 15:52











      • appreciate it very much your elaborate instruction. What do you mean "Make sure port 22 is not forwarded to any computers in the home router." the forward here is the forward in "forward an email"

        – user10726006
        Jan 10 at 2:44











      • @user10726006 Thanks for the appreciation. Feel free to up-vote if not done so already. The "port forwarding" is slightly different from forwarding an email. It is in the router settings. You will have to Google it to know more.

        – user68186
        Jan 10 at 14:02







      1




      1





      +1 but I have three laptops. Suggest changing "desktop computers" to "machines" for broader audience.

      – WinEunuuchs2Unix
      Jan 9 at 0:10





      +1 but I have three laptops. Suggest changing "desktop computers" to "machines" for broader audience.

      – WinEunuuchs2Unix
      Jan 9 at 0:10













      @WinEunuuchs2Unix Thanks for pointing this out. I have edited the text and removed "desktop". I prefer "computers" to "machine". I have also mentioned the OS (Ubuntu) to make it clear that it is not Windows to Ubuntu or Ubuntu to Windows kind of answer. On second thought, The answer works for Windows with WSL or native ssh client as well.

      – user68186
      Jan 9 at 15:52





      @WinEunuuchs2Unix Thanks for pointing this out. I have edited the text and removed "desktop". I prefer "computers" to "machine". I have also mentioned the OS (Ubuntu) to make it clear that it is not Windows to Ubuntu or Ubuntu to Windows kind of answer. On second thought, The answer works for Windows with WSL or native ssh client as well.

      – user68186
      Jan 9 at 15:52













      appreciate it very much your elaborate instruction. What do you mean "Make sure port 22 is not forwarded to any computers in the home router." the forward here is the forward in "forward an email"

      – user10726006
      Jan 10 at 2:44





      appreciate it very much your elaborate instruction. What do you mean "Make sure port 22 is not forwarded to any computers in the home router." the forward here is the forward in "forward an email"

      – user10726006
      Jan 10 at 2:44













      @user10726006 Thanks for the appreciation. Feel free to up-vote if not done so already. The "port forwarding" is slightly different from forwarding an email. It is in the router settings. You will have to Google it to know more.

      – user68186
      Jan 10 at 14:02





      @user10726006 Thanks for the appreciation. Feel free to up-vote if not done so already. The "port forwarding" is slightly different from forwarding an email. It is in the router settings. You will have to Google it to know more.

      – user68186
      Jan 10 at 14:02













      1














      Maybe try to ssh via IP not hostname?



      You can check ip using ifconfig






      share|improve this answer



























        1














        Maybe try to ssh via IP not hostname?



        You can check ip using ifconfig






        share|improve this answer

























          1












          1








          1







          Maybe try to ssh via IP not hostname?



          You can check ip using ifconfig






          share|improve this answer













          Maybe try to ssh via IP not hostname?



          You can check ip using ifconfig







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Jan 8 at 13:36









          Mirosław MówińskiMirosław Mówiński

          664




          664





















              0














              Add a string to your /etc/hosts file like this:



              <IP_ADDRESS_OF_YOUR_ALGORITHMS_HOST> algorithms


              For example:



              192.168.168.168 algorithms


              Save /etc/hosts and try connecting again.



              Anyway, as a quick solution, you can always connect directly via IP address:



              ssh second@192.168.168.168





              share|improve this answer



























                0














                Add a string to your /etc/hosts file like this:



                <IP_ADDRESS_OF_YOUR_ALGORITHMS_HOST> algorithms


                For example:



                192.168.168.168 algorithms


                Save /etc/hosts and try connecting again.



                Anyway, as a quick solution, you can always connect directly via IP address:



                ssh second@192.168.168.168





                share|improve this answer

























                  0












                  0








                  0







                  Add a string to your /etc/hosts file like this:



                  <IP_ADDRESS_OF_YOUR_ALGORITHMS_HOST> algorithms


                  For example:



                  192.168.168.168 algorithms


                  Save /etc/hosts and try connecting again.



                  Anyway, as a quick solution, you can always connect directly via IP address:



                  ssh second@192.168.168.168





                  share|improve this answer













                  Add a string to your /etc/hosts file like this:



                  <IP_ADDRESS_OF_YOUR_ALGORITHMS_HOST> algorithms


                  For example:



                  192.168.168.168 algorithms


                  Save /etc/hosts and try connecting again.



                  Anyway, as a quick solution, you can always connect directly via IP address:



                  ssh second@192.168.168.168






                  share|improve this answer












                  share|improve this answer



                  share|improve this answer










                  answered Jan 8 at 18:02









                  mmvmmv

                  1




                  1



























                      draft saved

                      draft discarded
















































                      Thanks for contributing an answer to Ask Ubuntu!


                      • Please be sure to answer the question. Provide details and share your research!

                      But avoid


                      • Asking for help, clarification, or responding to other answers.

                      • Making statements based on opinion; back them up with references or personal experience.

                      To learn more, see our tips on writing great answers.




                      draft saved


                      draft discarded














                      StackExchange.ready(
                      function ()
                      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1107987%2fconnect-two-computers-with-ssh-in-a-home-lan%23new-answer', 'question_page');

                      );

                      Post as a guest















                      Required, but never shown





















































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown

































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown






                      Popular posts from this blog

                      How to check contact read email or not when send email to Individual?

                      Displaying single band from multi-band raster using QGIS

                      How many registers does an x86_64 CPU actually have?