this post was submitted on 03 Oct 2024
10 points (85.7% liked)

Selfhosted

40173 readers
831 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

The problem:

I manage computers for some loved ones from whom I now live several states away. All devices are linux environments and basically serve as home theater and light duty SOHO.

They have been running for several years without incident, but do require intervention for the "hard" stuff like major release upgrades. (And perhaps I like to slip some entertainment media onto their shared drive from time to time).

And I'd like to have an avenue to do this that doesn't necessarily involve planning a road trip.

Candidate solution(s):

Deploy a micro PC to sit on their network, whose sole purpose is as a headless SSH server. I would intend to SSH into that device, and from there SSH across the LAN to the necessary computers. The rationale is that I would only have one device answering the door, so to speak, at port 22, greatly simplifying port forwards and any need for static IPs.

With dual stack IPv4 + IPv6 internet service, would it be better that I attempt this through IPv6?

The micro PC would be scripted to retrieve the current public IP address every X hours and email it to me.

Another idea is to configure the immediate SSH box behind a Tor SSH hidden service or a I2P eepsite SSH. This way it would maintain a persistent, reachable address without requiring some cobbled together script & email IP notification.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 13 points 1 month ago (1 children)

Why not use Tailscale on each device?

No need to expose any ports, no need for a bastion, no need for any complicated method of retrieving their public IP address, can use ACLs to restrict their access to other devices on the tailnet (if they're tech-savvy enough to go looking at the tailnet in the first place).

Essentially, as long as they have internet and Tailscale is running, you'll be able to connect to their device without exposing anything over the internet.

[–] [email protected] 5 points 1 month ago

Or eventi host your own tailscale with headscale

https://headscale.net/