Opening Bitvise SSH Server to the internet

Bitvise SSH Server is intended to run with minimal configuration after initial installation. However, when installed in a LAN environment, it will not immediately receive connections from the internet by default.

In order to open Bitvise SSH Server to the internet, other network components must first be configured. The most prominent such components are the firewall on the machine where the SSH server is running, and the router on the LAN to which this machine is attached.

Necessary preparation

Before you open Bitvise SSH Server to the internet, perform the following important steps:

• Follow instructions in Connecting for the first time to make sure you are able to connect to the SSH server from 'localhost'; that is, that you can connect from a client running on the same machine where the SSH server is installed.
• Follow instructions in Securing Bitvise SSH Server to lock down your settings to a degree where you are comfortable with them. After locking down your settings, use a client installed on the same machine to verify that everything is behaving the way you want.

Only when you are satisfied with the security of your settings, and when your settings work when connecting from 'localhost', open your SSH server to the internet by:

• opening the Bitvise SSH Server listening port(s) in your firewall, and
• configuring your router to forward internet connections to the machine where the SSH server runs.

Automatic Configuration

You can configure Bitvise SSH Server to perform the above tasks automatically:

• Open Bitvise SSH Server Easy settings. In the first tab (Server), change the setting "Open Windows Firewall" to "Open port(s) to any computer". This will automatically open your listening ports in your firewall when the SSH server is running.
• On the same tab, enable the setting "Automatically configure router (requires UPnP)". This will automatically configure your router to forward internet connections to Bitvise SSH Server when it is running.

If you have other software or hardware firewalls in addition to the Windows firewall, you will have to configure those firewalls manually.

In order for UPnP NAT forwarding to work, your router must support the Universal Plug and Play standard. Most recent routers do. If yours does not, you will have to configure it manually.

SSH Server Guide

Installing

Upgrading

Starting and monitoring

Connecting the first time

Configuring for SFTP, SCP, FTPS

Compatibility with FTPS clients

Securing the SSH Server

Host keys

Opening to the internet

Configuration backup

Groups and accounts

Security architecture

Windows domains

Active Directory permissions

Accessing network shares

Network/interactive logon

Public key authentication

Tunneling restrictions

Master/follower synchronization and clusters

Environment variables

Tasks, triggers, conditions

Scriptable configuration

Advanced config and use

Log files and MS Log Parser

Resources and utilities

About SSH

What is SSH?

Screenshots

Security

Resources

Getting Started

SSH Server Users' Guide

SSH Server Usage FAQ

Configuring SFTP and SCP

Securing the SSH server

Public keys in SSH

Port forwarding guide

Web browsing over SSH

X11 forwarding

Tunnel Remote Desktop

Tunnel WinVNC

How the internet works