Trying to setup SSH minipot, couldn’t find a complete guide, so are the steps below correct? Do I need something more?
Change the sshd port to something else than 22 and restart sshd.
Install Haas, set the token from haas.nic.cz
Enable firewall rule “wan_ssh_turris_rule”, thats the predefined rule to accept 22 from wan
Additionally add port redirecting to sshd port if you need to connect to the router(ssh) from wan, actually this point I don’t understand, if sshd listens on another port I should add new rule to accept on that port, otherwise if sshd listens on 22 how will it work since it is routed to the haas-proxy.
I thing if point 3. Enable firewall rule “wan_ssh_turris_rule”, thats the predefined rule to accept 22 from wan is not need. The HaaS installation will create the necessary rules itself (proxy)
If you use WAN access to SSH (point 4) you will redirect for example port 2222 to 22. It is not necessary if you do not use it (it is potentially dangerous)
I installed Haas from reForis and set the token which I received from haas.nic.cz but it didn’t work until I enable “wan_ssh_turris_rule” from Luci (can be done from cmd line also) and restart firewall.
I was expecting just installing Haas and setting token would automatically work that’s why I m asking.
@JardaB This NAT Prerouting rule is created when I enable “wan_ssh_turris_rule”, if I disable it is removed, so just installing Haas and setting token doesn’t create the needed NAT rule.
