SSH on private IP to Digital Ocean Droplet
- a CentOS 7 Droplet with a public IP on eth0 & private IP on eth1
SSH Clients on my home computer which I use to connect using SSH keys
- MobaXterm on Windows 7 or
- VirtualBox CentOS 7 VM
Now the situation is as follows
My home computer’s public WAN IP address changes via DHCP automatically by my ISP every once a week or so.
On server, I’m fire-walling (herewith referring it as Firewall-layer for simplicity) as below
DigitalOcean Cloud firewall –> server firewall IPTables –> TCPWrappers layer
By observing a pattern of my public IP subnets over a period of time, I’ve used them to determine my ISP’s AS number via this and, I have white-listed a few of them in my Firewall-layer (strangely, they repeat in a random order & are restricted to the same 3-4 subnets each with the CIDR /22, therefore the pattern)
Now in the event when my public WAN IP changes, I momentarily lose access to my server since TCPWrappers prevent me from accessing it.
The workaround I use is to take console access of my Droplet & un-comment out only that public IP subnet belonging to my current WAN IP address, leaving the others commented which I un-comment as soon as the above recurs.
To fix this, I can either
Leave all the entries in the TCPWrappers un-commented so as to avoid the hassle but as much I understand, I strongly it is wrong as a security best practice
therefore, the alternative OR
I’m thinking of writing a bash script that would run on my VirtualBox VM which would detect my current outgoing WAN IP address using a simple cURL call & use it to modify the TCPWrappers & IPTables on my Droplet as explained in the workaround above
But for it to work, I’d need to be able to SSH onto my Droplet via its private IP on eth1 which is what I’ve been tinkering with but unable to find an ideal way to do so, until now.
Could someone please guide me the ideal way to achieve this?
Do let me know if any additional information would be required if I may have missed out.
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.