I use ZeroTier in my day-to-day support world but would like, if possible, to ditch it.
I have a Windows VM running that I would like to SSH into without having to use something like ZeroTier to be the middleman and using username / password as authentication.
My machine - Mac with SSH server enabled
VM machine running on my machine - Windows with OpenSSH server installed and a local IP of 10.211.55.4
How can this be done?
Treat me gently, my brain can't get around the concept of local, remote and dynamic connections!
How are you running your VM? VirtualBox has several different networking modes as an example. Some of them depend on the host being connected to a network to provide an IP.
With ZT your VM will have two IPs. The ZT IP will obviously only work on the ZT network.
What is the IP of your Mac? Is it on a network or disconnected? That will have a big impact on how and if you can ssh to it from the VM, but I guess the main problem is to ssh from the Mac to the VM.
Knowing the Virtualization software and how it's networked is needed to be able to solve this.
Windows VM is on Parallels with shared networking (own private network, 10.211.55.4)
Mac has local IP from router (192.168.50.x)
Basically the Mac is connected to network via router, the VM to a separate "private" network.
Maybe it would be easier to more generally describe it as this:
I have a Mac sitting behind my router (IP address 192.168.50.x).
I want to SSH to another computer sitting behind yet another router (public ISP IP address unknown, can change at any time and has no port forwarding).
I have a DDNS service through my router so my external IP is a known value (for example mymac.myipaddress.com)
Knowing the above, how do I SSH from the Mac to the remote machine? Can the SSH server (Windows or Mac) running on the remote machine use the DDNS address to allow me to SSH into it?
flowchart LR
A[Mac] -->|LAN| B(Router A)
B --> |Internet| C(Router B with DDNS)
C -->|LAN| D[Remote Machine]
A-.SSH .->D
According to your description, I drew a simple flowchart to reflect your scenario. Am I understanding you correctly? And it seems this has nothing to do with your Windows VM.
I looked at Parallels' different networking modes (KB Parallels: Network modes in Parallels Desktop for Mac), and it looks like you're using the default Shared mode. That should allow you to ssh to the VM from the host it's running on. I believe that was the initial question you had.
What you now describe sounds different, or maybe it's the same and the VM was never on your own Mac?
Having a DDNS service for your external IP is of no help trying to reach the remote machine. For your use case I'm using Tailscale, which is similar to ZeroTier. With Tailscale all my devices that are part of my Tailnet have a fixed IP and all communication is encrypted; it's a VPN mesh. It doesn't matter if remote devices move to other networks or get new local IPs. Tailscale will still work. It's free for 100 devices. All communication is direct between the devices. Traffic is not bounced through any middleman. All ports are open for all devices in the same Tailnet.
Even if you manage to get your solution to work with DDNS, reverse tunnels, etc., it will be complicated and fragile. Any network change, router change, ports closed will break it.
Many thanks Mikael, you've confirmed what I suspected - some sort of agent is required on remote machines (as I already have with ZT which basically does exactly the same as Tailscale) so I'll stick with my existing set up.
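For reference, this is what the DDNS plus reverse-tunnel setup discussed in the thread looks like as OpenSSH configuration. It is an added example, not configuration posted by anyone in the thread. Assumptions: Router A forwards TCP 22 to the Mac, and the account names (`tunnel`, `support`), the key file name, the host aliases and loopback port 2222 are all hypothetical.

```sshconfig
# ---- REMOTE machine: ~/.ssh/config (Windows: %USERPROFILE%\.ssh\config) ----
# The remote machine dials OUT to the Mac's DDNS name, so Router B needs no
# port forwarding. Router A must forward a TCP port to the Mac (assumed: 22).
Host home-mac
    # DDNS name taken from the thread
    HostName mymac.myipaddress.com
    # Hypothetical low-privilege account on the Mac; key auth, no password
    User tunnel
    IdentityFile ~/.ssh/id_ed25519_tunnel
    IdentitiesOnly yes
    # Publish this machine's own sshd (port 22) on the Mac's loopback, port 2222
    RemoteForward 127.0.0.1:2222 127.0.0.1:22
    # Exit rather than hold a session whose forward could not be set up
    ExitOnForwardFailure yes
    # Detect a dead path (router or IP change) after about 90 seconds
    ServerAliveInterval 30
    ServerAliveCountMax 3
# Started on the remote machine with:  ssh -N home-mac
# Nothing here restarts it after a drop; that needs a service wrapper.

# ---- MAC: /etc/ssh/sshd_config (restrict what the tunnel account can do) ----
Match User tunnel
    PasswordAuthentication no
    AllowTcpForwarding remote
    PermitListen 127.0.0.1:2222
    PermitTTY no
    X11Forwarding no

# ---- MAC: ~/.ssh/config (reach the remote machine through the tunnel) ----
Host remote-via-tunnel
    HostName 127.0.0.1
    Port 2222
    # Hypothetical account on the remote machine
    User support
    # Store the remote host key under its own name, not under 127.0.0.1
    HostKeyAlias remote-machine
# Then on the Mac:  ssh remote-via-tunnel
```

Each assumption here (Router A's port forward, the DDNS record, the outbound session staying up) is a point where a network change cuts off access, which is the fragility described in the thread.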