SSH (Secure Shell) provides secure shell access to many server systems, IT equipment, and devices. It is the de facto way of remotely connecting to an IT system for the purpose of managing and maintaining the asset. However, if the system does not have a globally unique static IP address, or does not expose port 22 (or whichever port is configured) to the public Internet, SSH cannot be used to access the system.
Diode can be used to create a secure connection to a system implementing SSH without requiring a static IP address and without exposing port 22 to the public Internet.
Have fun with this, and let us know in our Telegram channel if you have any feature requests!
SSH Server Setup
1. Ensure that a local SSH server (sshd) is already running on your system, and that you have valid SSH credentials that allow you to SSH into the server. See here for an example of enabling SSH on a Raspberry Pi.
2. Install the most recent Diode Client
3. Open a terminal window and publish the SSH service through diode:
diode publish -public 22:22
4. Copy the presented Client Address (see red box below). This is the primary identifier of your target device and will never change. You will need it in the next step.
That's it - once Diode is running and publishing your port, you can now SSH into the system from anywhere in the world.
If everything works, we recommend setting up the Diode Client to start at boot time on your SSH server device.
If you want to further secure your system, you can publish port 22 as:
- private (only the specific client can gain access), or
- protected (only other clients listed in your Fleet Contract can gain access).
Both of these options require the SSH client system to run the Diode Client. See the Diode Client reference for more information.
SSH Client Usage
1. Change to another machine so we can connect to the server via an SSH client
2. Open a terminal window and connect via SSH over the Diode Network:
ssh -o 'ProxyCommand=nc -X 5 -x diode.link:1080 %h %p' <user>@<client_address>.diode
- <user> is your username (e.g. on a Raspberry Pi it will usually be
- <client_address> is the Client Address you copied in step 4 of the SSH Server Setup section
Explainer: SSH has no built-in support for SOCKS proxies but instead offers a general ProxyCommand facility, which can be used to proxy through the Diode network.
The "diode.link" routes the SSH connection through a public Web2:Web3 gateway so that you don't have to run the Diode Client on your SSH client machine. However, if you want to connect fully decentralized (without using the public gateway), you can run the Diode Client to be your own Web3.0 gateway on your SSH client machine and connect directly peer to peer.
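The ProxyCommand from step 2 can be made persistent in the SSH client configuration, together with the client-side settings that matter when the connection is relayed through a public gateway. The stanza below is an added example, not taken from the Diode documentation; the key file name is hypothetical, and the ncat alternative and the hardening options are standard Nmap/OpenSSH settings added here.

```sshconfig
# ~/.ssh/config on the SSH client machine (added example, not Diode's own).
# Matches every host name ending in .diode, i.e. <client_address>.diode
Host *.diode
    # Same proxy command as in step 2: OpenBSD netcat speaking SOCKS5 (-X 5)
    # to the public gateway at diode.link:1080. ssh substitutes %h and %p
    # with the target host name and port.
    ProxyCommand nc -X 5 -x diode.link:1080 %h %p
    # "-X" and "-x" are OpenBSD netcat options. With Nmap's ncat the
    # equivalent line is:
    # ProxyCommand ncat --proxy-type socks5 --proxy diode.link:1080 %h %p

    # The session is relayed by a third party, so the SSH host key is what
    # proves you reached your own server. accept-new records the key on the
    # first connection and refuses the connection if it ever changes.
    StrictHostKeyChecking accept-new

    # A publicly published port 22 is reachable by anyone who knows the
    # Client Address, so use key authentication only. This is the client
    # side; disable password logins in the server's sshd_config as well.
    PubkeyAuthentication yes
    PasswordAuthentication no
    # Hypothetical key file name; point this at your own private key.
    IdentityFile ~/.ssh/id_ed25519_diode
    IdentitiesOnly yes

    # Do not expose the local ssh-agent to the remote system.
    ForwardAgent no

    # Notice a dead relayed connection after roughly 90 seconds.
    ServerAliveInterval 30
    ServerAliveCountMax 3
```

With this stanza in place, `ssh <user>@<client_address>.diode` is enough to connect; to verify the server on the first connection, compare the fingerprint ssh displays with the one printed by `ssh-keygen -lf` on the server's public host key file.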