VPN
For completeness, another option that could be considered is a VPN (Virtual Private Network) connection. Many modern home routers have VPN servers built in, or you can install them on other computers on the network (but then you have to port forward for that VPN service on your NAT router).
Your iPhone can support VPN connections via the OS, or an additional VPN client app. The particular flavour of VPN would determine this and there are many guides on the web for the various VPN servers and how to set them up and configure them.
For a VPN, your phone will establish a secure, private connection back to your VPN server on your network. It isn't just a security through obscurity setup, but a more rigorous setup. Your web traffic then gets tunnelled to this server and it makes web requests on your behalf and sends the results back to your phone. Because it is on your home network, it allows you to access home network resources.
Because of the security involved, use of a VPN is often put forward as a preferred solution for remote access to any resources on a home network, and it gives you more than just access to SSH to a computer.
Dynamic DNS
Dynamic DNS was mentioned above, but let's look at what it is and why it is important…
Note also, that regarding any of these solutions, for a home Internet connection, you probably are not issued a fixed IP Address for your connection. You should also look to see if your router has support for Dynamic DNS. If not, like a VPN, you can also add the setup for Dynamic DNS on a device inside your home network. What this service does is keep an online record for a domain name and whenever your external IP address at home changes, a device on your network tasked with doing so updates the online record so the domain always stays linked to the correct IP address.
If you don't use this setup, while your ISP might lease the same IP address to you for long periods, all it takes is a subtle shift in the network config or demands and the automated assignment process might give you a different address from their list of available addresses, and at that point you will be trying to connect to another network on that IP address rather than your own.
SSH Keys
If you do want to use SSH and port forward directly to your device, I would fully support the recommendations of @atnbueno to map an external port of something other than 22 to your internal computer's port of 22. It is like waving a flag to net scanners saying "direct access to my computer here" if you use the standard port number externally.
In addition, you should NOT put any direct connection out there if you are using a user ID and password that are anything other than astronomically hard to guess.
The recommended approach is instead to use SSH keys to secure your login. This works by generating special sets of data using public key cryptography that are shared to the relevant devices. It gives you a method of authentication that is much more secure than even complex IDs and passwords due to the nature of the setup and the lengths of the data involved (there is lots of public key cryptography and SSH key info out there if you want to understand why). In fact you should consider using SSH keys rather than usernames and passwords regardless.
The setup of SSH keys for Shortcuts connections had come up a few times in the past, so I ended up writing a blog post to refer people to. If you want to make your SSH access easier and way more secure, I would recommend walking it through.
Once set up, if you are making it available online, you probably want to look at disabling credential-based access over SSH.
I hope that adds some useful additions to the great info posted above. Remote access is very useful, but you want to ensure that whatever you do, you do it securely.
I have remote access to devices on my home network using the above methods and some more remote access options besides. I see in various logs how often automated scripts are trying to get into my network and it is unsettling to say the least. Without the protections, my network and devices would absolutely belong to someone else at this point.
Securing your access is critical to making this safe and worthwhile.
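As an added example that is not part of the original post: a small Python audit of an OpenSSH `sshd_config` that checks whether password-style logins are really off once keys are in place. The function names and the sample config are constructed for illustration, and the parser assumes `Include` files are not followed.

```python
import re

# Values sshd uses when a keyword is absent (per sshd_config(5)).
DEFAULTS = {"pubkeyauthentication": "yes", "passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes"}
# Deprecated spelling still common in older configs.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def parse(config_text):
    """Return (global settings, [(match criteria, keyword, value), ...])."""
    settings, overrides, match = {}, [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # a commented-out keyword leaves the default in force
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key = parts[0].lower()
        arg = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            match = arg  # every later line belongs to a Match block
            continue
        key = ALIASES.get(key, key)
        if key not in DEFAULTS or not arg:
            continue
        value = arg.split()[0].strip('"').lower()
        if match is None:
            settings.setdefault(key, value)  # first value obtained wins
        else:
            overrides.append((match, key, value))
    return settings, overrides

def audit(config_text):
    """Return findings; an empty list means password logins are off everywhere."""
    settings, overrides = parse(config_text)
    eff = {**DEFAULTS, **settings}
    findings = []
    if eff["pubkeyauthentication"] != "yes":
        findings.append("pubkeyauthentication is off, key login will fail")
    for kw in ("passwordauthentication", "kbdinteractiveauthentication"):
        if eff[kw] != "no":
            findings.append(f"{kw} is effectively {eff[kw]}")
    for criteria, kw, value in overrides:
        if kw != "pubkeyauthentication" and value != "no":
            findings.append(f"Match {criteria} sets {kw} {value}")
    return findings

# Constructed sample: password login is off globally but a LAN Match block re-enables it.
SAMPLE = """Port 22
PasswordAuthentication no
ChallengeResponseAuthentication no
Match Address 192.168.1.0/24
    PasswordAuthentication yes
"""
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "key-only login confirmed")
```

On the real host, `sshd -T` prints the configuration the daemon actually resolves and is the authoritative check; this script is for reviewing a config file offline.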