Network Configuration
Configure network settings for optimal SSH connectivity. This guide covers local networks, remote access, and advanced networking scenarios.
Network types
Local area network (LAN)
Connect to devices on the same network:
Typical addresses:
    192.168.1.x
    192.168.0.x
    10.0.0.x
    172.16.x.x
Discovery methods:
- mDNS/Bonjour: macbook.local
- Static IP assignment
- DHCP reservations
- Network scanning
Wide area network (WAN)
Connect over the internet:
Connection methods:
- Public IP address
- Domain name
- Dynamic DNS
- VPN tunnel
Security considerations:
- Firewall configuration
- Port forwarding
- Fail2ban protection
- Non-standard ports
Remote access solutions
Tailscale
Zero-configuration VPN for easy access:
Setup:
- Install on all devices
- Authenticate with same account
- Use Tailscale names in Kisuke
- Connect from anywhere
Benefits:
- No port forwarding needed
- Automatic NAT traversal
- End-to-end encryption
- Static device names
Cloudflare Tunnel
Secure tunnel without opening ports:
Setup:
- Install cloudflared on server
- Create tunnel configuration
- Access via Cloudflare network
- No exposed ports
Benefits:
- DDoS protection
- No public IP needed
- Access control
- Analytics included
Traditional VPN
Use existing VPN infrastructure:
Common types:
- OpenVPN
- WireGuard
- IPSec
- Corporate VPN
Configuration:
- Connect to VPN first
- Use internal addresses
- Standard SSH connection
- Transparent to Kisuke
Port configuration
Standard SSH port
Default configuration:
- Port 22
- Well-known service
- May be blocked on some networks
- Target for automated attacks
Custom ports
Security through obscurity: moving off port 22 cuts noise from automated scans, but it does not replace authentication and firewall controls.
Common alternatives:
    2222 - Alternative SSH
    2022 - Easy to remember
    8022 - High port
    10022 - Five digits
Configuration:
    # /etc/ssh/sshd_config
    Port 2222
    # Restart SSH
    sudo systemctl restart sshd
In Kisuke:
    hostname:2222
    192.168.1.100:2222
Port forwarding
Access servers behind NAT:
Router configuration:
- Access router admin panel
- Find port forwarding section
- Forward external port to internal IP:22
- Save and apply
Example:
    External: 2222 → Internal: 192.168.1.100:22
Firewall configuration
Server-side firewall
Allow SSH connections:
UFW (Ubuntu):
    # Allow SSH from any source
    sudo ufw allow 22/tcp
    # Or, to restrict SSH to the local subnet, use this rule instead of the one above
    sudo ufw allow from 192.168.1.0/24 to any port 22
    sudo ufw enable
firewalld (Fedora):
    sudo firewall-cmd --permanent --add-service=ssh
    sudo firewall-cmd --permanent --add-port=2222/tcp
    sudo firewall-cmd --reload
iptables:
    sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
    # iptables-save prints the rules to stdout; redirect the output to the rules file your distribution restores at boot
    sudo iptables-save
Client-side considerations
Ensure outbound SSH:
- Corporate firewalls may block port 22
- Try alternative ports (443, 8080)
- Use VPN if restricted
- Check with IT department
Network optimization
Connection stability
Improve reliability:
SSH client config:
    Host *
        ServerAliveInterval 60
        ServerAliveCountMax 3
        TCPKeepAlive yes
Compression:
    # Enable for slow connections
    Host slowserver
        Compression yes
        # CompressionLevel was used by SSH protocol 1 only and has no effect in current OpenSSH
        CompressionLevel 6
Bandwidth management
Optimize for mobile:
Limit bandwidth:
    # Reduce network usage
    Host mobile
        Compression yes
        # Pins one cipher and one MAC: the connection fails if the server does not offer both
        Ciphers aes128-ctr
        MACs hmac-sha1
Connection multiplexing:
    # Reuse connections
    # The ~/.ssh/sockets directory must exist before the first connection
    Host *
        ControlMaster auto
        ControlPath ~/.ssh/sockets/%r@%h:%p
        ControlPersist 10m
IPv6 configuration
Enabling IPv6
Modern network support:
Server configuration:
    AddressFamily any
    ListenAddress ::
Kisuke connection:
    [2001:db8::1]:22
    ipv6.example.com
Dual-stack setup
Support both protocols:
- Prefer IPv6 when available
- Fallback to IPv4
- Automatic selection
- Performance benefits
Advanced networking
Jump hosts
Connect through bastion:
SSH config:
    Host production
        HostName internal.server
        ProxyJump bastion.example.com
        User produser
In Kisuke:
- Configure jump host as space
- Set up target with ProxyCommand
SOCKS proxy
Create SSH tunnel:
Setup tunnel:
    ssh -D 8080 user@server
Use in Kisuke:
- Configure proxy settings
- Route traffic through tunnel
- Access restricted resources
Mesh networking
Multiple path redundancy:
- Tailscale mesh
- ZeroTier networks
- WireGuard mesh
- Automatic failover
Troubleshooting
Connectivity issues
Cannot reach host:
    # Test connectivity
    ping hostname
    nslookup hostname
    telnet hostname 22
    nc -zv hostname 22
Connection timeout:
- Check firewall rules
- Verify port forwarding
- Test from different network
- Check ISP blocking
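The manual checks in this section (name resolution, then a TCP connection to the SSH port) can be combined so that each failure maps to one cause. The following Python is an added example, not part of the original guide or of Kisuke; the function name `diagnose_ssh` and its status strings are hypothetical.

```python
import socket
import sys

def diagnose_ssh(host, port=22, timeout=5.0):
    """Classify why an SSH endpoint is or is not reachable.

    Returns (status, detail); status is one of 'dns_failure', 'timeout',
    'refused', 'unreachable', 'not_ssh' or 'ok'."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "dns_failure", str(exc)            # the nslookup step failed
    last = ("unreachable", "no address answered")
    for family, socktype, proto, _, addr in infos:  # covers IPv6 and IPv4
        try:
            with socket.socket(family, socktype, proto) as s:
                s.settimeout(timeout)
                s.connect(addr)
                # An SSH server sends its version banner first (SSH-2.0-...).
                banner = s.recv(255).split(b"\n", 1)[0].strip()
        except socket.timeout:
            # Silent drop: firewall rule, missing port forward or ISP block.
            last = ("timeout", f"{addr[0]}: no reply on port {port}")
            continue
        except ConnectionRefusedError:
            # Host is up but nothing listens there: wrong port or sshd down.
            last = ("refused", f"{addr[0]}: nothing listening on port {port}")
            continue
        except OSError as exc:
            last = ("unreachable", f"{addr[0]}: {exc}")
            continue
        if banner.startswith(b"SSH-"):
            return "ok", banner.decode("ascii", "replace")
        return "not_ssh", repr(banner)            # another service owns the port
    return last

if __name__ == "__main__" and len(sys.argv) > 1:
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 22
    print(diagnose_ssh(sys.argv[1], target_port))
```

A `timeout` result points at the firewall and port-forwarding checks listed above, while `refused` points at the SSH daemon or the port number.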
Performance issues
Slow connections:
- Test bandwidth: speedtest-cli
- Check latency: ping -c 10 hostname
- Monitor packet loss
- Try different ports
Intermittent drops:
- Adjust keepalive settings
- Check router stability
- Monitor network logs
- Consider wired connection
Security considerations
Network hardening
Protect SSH access:
- Use non-standard ports
- Implement fail2ban
- Restrict source IPs
- Monitor access logs
Access control
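Limit connections:
    # When both are set, a user must match AllowUsers and belong to a group in AllowGroups
    AllowUsers john jane
    AllowGroups sshusers
    # Applies only to connections from the local subnet
    Match Address 192.168.1.0/24
        PasswordAuthentication yes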