I am running a home network with a ddwrt installed router. I can ssh into the router from homenetwork, i can ssh in the pc from inside the homenetwork, i can ssh into the router from outside the home network ( static public ip). Now i want to ssh in my pc from outside the home network, as far as i have understood, to do that i need to create a ssh tunnel. I am using the following command :
ssh -L bbbb:hoomepcip:22 root:externalip
after doing this i open another terminal and i
ssh homepcusername@externalip -p bbbb
but it does not work, what am i doing wrong
Isn't the first command supposed to do a port forward in the router so everything i send to it's external ip on bbbb port goes to 22 of my home pc?
for now i have made a permanent port forward on the router gui, but i would like to not use that and open the port when i need to ssh.
both the router and the pc have SSH server installed, the router has dropbear the pc openssh
Instead of SSH tunneling, you might consider tailscale.
See for instance "How to secure an Ubuntu server using Tailscale and UFW", which will restrict ssh access to be only over Tailscale, and use UFW (Uncomplicated Firewall) to restrict non-Tailscale traffic to your server.
That will give you a Tailscale IP address (starting with 100.x.y.z) which can be used to SSH, while your public internet IP would not allow SSH.
You can then add MFA (multi-factor auth) if you want.
Other example: "How to Setup SSH using Tailscale or Ngrok" from Ibrahim Jarif.