Wednesday, August 12, 2015

SSH to guest Debian stretch on a VirtualBox Windows 7 host from LAN, howto

Suppose you have a virtual machine (VM) in which you have installed a guest operating system, e.g., Debian stretch, and it's running under a (physical) Windows 7 (Home Premium SP1) host operating system by means of Oracle's VirtualBox software (developed by wholly-owned Innotek GmbH).

You might wish to access that Debian guest from another box on your host's LAN. Here's how to do so with SSH. (If you're on Windows, you can do this IMO most enjoyably from Git Bash or Cygwin, although SSHing more directly from Windows is also possible.)

These instructions should work just as well with Debian's jessie or wheezy releases (in all likelihood). One caveat: Debian normally disallows SSH access as root. Instead, log in as a regular user and do 'sudo' (or 'su') if you wish to be root.


In your guest Debian operating system, install the software to accept your inbound SSH connection:
$ sudo apt-get install openssh-server

I. For the desired VM, adjust its VirtualBox settings:
  1. Choose network type NAT.
  2. Forward some inbound port on the host to inbound port 22 on the guest.
Here are the details on how to accomplish this:
  1. To provide an additional layer of security, pick a random number between 1024 and 49151 (inclusive) to be the inbound local port ('host port') on your physical VirtualBox host.
  2. In VirtualBox Manager, select your desired VM (it can be running).
  3. In the VirtualBox Manager menu, click Machine–Settings–Network.
  4. Ensure the 'Adapter 1' tab is selected.
  5. Ensure 'Enable Network Adapter' is checked.
  6. You'll see the words 'Attached to'. There, select 'NAT'.
  7. Ensure that the blue, drop-down arrow by the word 'Advanced' has dropped down to show you the advanced settings.
  8. Click the 'Port Forwarding' button.
  9. Click the green icon, bearing a plus sign, whose tooltip is 'Adds new port forwarding rule'.
  10. Find and select the newly-created row.
  11. In the 'Name' column, type 'guestssh'.
  12. Ensure 'Protocol' is 'TCP'.
  13. In the 'Host Port' column, type your inbound local port.
  14. In the 'Guest Port' column, type '22'.
II. Set up Windows Firewall to allow the desired SSH connection, by following the steps in this post to create the new firewall rule. In particular:
  • Name it 'VirtualBoxSSHInPort' followed by the port number.
  • Under 'Edge traversal', ensure 'Block edge traversal' is selected.
  • For the path to the receiving program, use the path to the VirtualBox executable (on your host system).
III. Determine the Internet Protocol (IP) address of your VirtualBox host as viewed by its active router. Here's how:
  1. In your VirtualBox host's system tray, click the icon of the active router.
  2. Make sure the drop-down arrow by the words 'Wireless Network Connection' is selected, so you see a list of routers.
  3. Find the name of your active router in the list.
  4. Right-click that name.
  5. Click on 'Status'.
  6. Click the 'Details' button.
  7. In the 'Property' column, find the words 'IPv4 Address'.
  8. Read across to the 'Value' column.
  9. Note its four, dot-separated numbers. That's the IP address of your VirtualBox host, in the LAN provided by its active router. And for your SSH connection command it will be your target IP address.
In order to allow SSH connections to your VirtualBox guest, the VirtualBox software does Network Address Translation (NAT). So, BTW, your VirtualBox guest will report that you are logged in from some other LAN (with another IP address), not from your active router's LAN. The foreign port number will be different, as well.
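
Steps I through III can also be scripted from an elevated PowerShell prompt on the host. The script below is an added example, not part of the original post; the VM name and the VirtualBox install path are assumptions, and remoteip=localsubnet is an extra restriction that the GUI steps above don't set.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell on the host.
# Assumed values: the VM name and the install path below; adjust them to your system.
$vmName  = 'Debian stretch'                        # hypothetical VM name
$vboxDir = 'C:\Program Files\Oracle\VirtualBox'    # assumed default install path
$vboxMgr = Join-Path $vboxDir 'VBoxManage.exe'
$vboxExe = Join-Path $vboxDir 'VirtualBox.exe'     # receiving program for the firewall rule

# Step I.1: random host port in 1024..49151 (-Maximum is exclusive).
$hostPort = Get-Random -Minimum 1024 -Maximum 49152
# Rule fields: name,protocol,host IP,host port,guest IP,guest port
$rule = "guestssh,tcp,,$hostPort,,22"

# Steps I.2-14: a running VM takes the rule via controlvm, a stopped one via modifyvm.
$info = & $vboxMgr showvminfo $vmName --machinereadable
if ($LASTEXITCODE -ne 0) { throw "VM '$vmName' not found" }
if ($info -match '^VMState="running"') {
    & $vboxMgr controlvm $vmName natpf1 $rule
} else {
    & $vboxMgr modifyvm $vmName --natpf1 $rule
}
if ($LASTEXITCODE -ne 0) { throw 'Adding the port forwarding rule failed' }

# Step II: inbound allow rule with edge traversal blocked. remoteip=localsubnet is an
# added restriction (not in the original steps) that matches the LAN-only goal.
netsh advfirewall firewall add rule "name=VirtualBoxSSHInPort$hostPort" dir=in `
    action=allow protocol=TCP "localport=$hostPort" "program=$vboxExe" `
    edge=no remoteip=localsubnet
if ($LASTEXITCODE -ne 0) { throw 'Adding the firewall rule failed (elevated prompt?)' }

# Step III: IPv4 addresses of the host's active adapters. Pick the one on your LAN,
# not the VirtualBox Host-Only adapter.
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    ForEach-Object {
        $ipv4 = $_.IPAddress | Where-Object { $_ -match '^\d+(\.\d+){3}$' }
        '{0}: {1}' -f $_.Description, ($ipv4 -join ', ')
    }

"From another LAN box: ssh {lowercase username}@{target IP address} -p $hostPort"
```

The script stops if a forwarding rule named 'guestssh' already exists on the VM; delete the old rule first or change the name.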

IV. Now you can test the availability of your inbound SSH connection.

By default, to log in, SSH detects your local username and tries to use it.

Typical Windows usernames begin with a capital letter, yet typical GNU/Linux usernames begin with a lower-case letter. Therefore SSH's default username likely will fail. So instead (from Windows), the SSH command to access your VirtualBox VM is:
$ ssh {lowercase username}@{target IP address} -p {host port}
Since my name (and Windows username) is Mark, I enter:
$ ssh mark@{target IP address} -p {host port}
Alternatively, instead of logging in, you can run a single command (per these tutorials) and retrieve its output to your local, non-SSH computer—e.g.:
$ ssh mark@{target IP address} -p {host port} cat some-file > here
Or, you can use SCP.

Copyright (c) 2015 Mark D. Blackwell.
