Opening it up to the Internet
To make the BeagleBone accessible from the internet, we first have to harden security and set up dynamic DNS.
Hardening Security
Install fail2ban to ban hosts that try to log in with the wrong password too often:
sudo apt-get install fail2ban
You can configure it, if you want, but the default options work nicely.
Disable root login:
sudo nano /etc/ssh/sshd_config
In the section "authentication", make sure that PermitRootLogin is set to "no":
# Authentication:
LoginGraceTime 120
PermitRootLogin no
StrictModes yes
Press ctrl+o, then enter (to save), ctrl+x (to exit).
Restart the ssh server:
sudo service ssh restart
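To confirm that the edit above took effect, the following added example (not part of the original post) reports the PermitRootLogin value that sshd will use from a config file. sshd keeps the first value it reads for each keyword and ignores commented-out lines, so a "PermitRootLogin no" further down the file, or one behind a "#", does not count. The function names and the sample config are constructed for illustration, and the script does not follow Include directives.

```shell
#!/bin/sh
# Added example: which PermitRootLogin value does sshd actually use?
# Rules applied: first occurrence of a keyword wins, keywords are
# case-insensitive, '#' lines are comments, and global settings end at
# the first Match block. Include directives are NOT followed (assumption:
# a single-file config, as in the post).

effective_root_login() {
    # $1: path to an sshd_config-style file; prints the value or "unset"
    awk -F'[ \t=]+' '
        { sub(/^[ \t]+/, "") }                # drop leading whitespace
        /^#/ || /^$/ { next }                 # skip comments and blank lines
        tolower($1) == "match" { exit }       # global section ends here
        tolower($1) == "permitrootlogin" {    # first occurrence wins
            gsub(/"/, "", $2)                 # value may be quoted
            print tolower($2); found = 1; exit
        }
        END { if (!found) print "unset" }     # unset = compiled-in default
    ' "$1"
}

check_root_login() {
    # Returns 0 only if root login is explicitly disabled.
    value=$(effective_root_login "$1")
    if [ "$value" = "no" ]; then
        echo "OK: PermitRootLogin no"
        return 0
    fi
    echo "WARN: PermitRootLogin is '$value' (want: no)" >&2
    return 1
}

sample_config() {
    # Constructed sample: the commented line is ignored, and the later
    # "no" loses to the earlier "yes".
    cat <<'EOF'
# Authentication:
LoginGraceTime 120
#PermitRootLogin no
PermitRootLogin yes
StrictModes yes
PermitRootLogin no
EOF
}

# Usage: sh check_root_login.sh /etc/ssh/sshd_config
[ $# -eq 0 ] || check_root_login "$1"
```

On the BeagleBone itself, "sudo sshd -T" prints the full effective configuration, including included files, and is the authoritative check.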
Setting up dynamic DNS
You'll need a dynamic DNS provider. There you can sign up for a (free) domain, such as "example.no-ip.com". Using a small utility running either on the BeagleBone or on your router, you can periodically update the domain so that it always points to your (changing) home IP address.
The landscape of dynamic DNS providers keeps changing a bit, but if you look around, you will always find a free provider. One good provider is no-ip.com (if Microsoft isn't blocking them...), another good German provider is spdns.de. I made an account with no-ip.com, but it has the downside that I have to type in a CAPTCHA once a month (they send me an email reminder).
My FritzBox supports no-ip.com directly. Using its administrative interface, under "Internet" -> "Shares" -> "DynamicDNS", I can enter my account details. It doesn't take long, and the domain "example123.no-ip.com" (or so) points to the outward-facing IP address of my FritzBox.
If your router does not support dynamic DNS, you can download a client for no-ip.com that runs on the BeagleBone. The sudo apt-get ... does not work for current Ubuntu versions, but you can follow the instructions that tell you how to compile it from source. You probably need to install the compiler first:
sudo apt-get install build-essential
Then switch to a root session and download, compile and install the client:
sudo -s
cd /usr/local/src/
wget http://www.no-ip.com/client/linux/noip-duc-linux.tar.gz
tar xf noip-duc-linux.tar.gz
cd noip-2.1.9-1/
make install
You will be asked for your account details. Without exiting the root session, configure the program:
/usr/local/bin/noip2 -C
And then start it using:
/usr/local/bin/noip2
Finally, exit the root session:
exit
Opening ports on the router
This is slightly different for each router, but the general idea is that you want to tell your router: "If anything arrives at your door on port X, forward it to the machine with the IP address 192.168.0.Y, port Z."
On the FritzBox, this setting is under "Internet" -> "Shares" -> "Port Shares". Click on "New Port Share". In the "Portshare Active For" dropdown menu, click "Other Shares", and enter the following information:
Name: "ssh" (or whatever you like)
Protocol: "TCP"
From port "22" to port "22"
To computer "manually enter IP address"
To IP-address "192.168.0.200" (or whatever the IP address of your BeagleBone is)
On port "22"
This forwards the standard ssh port to your BeagleBone. Go to a friend (or install an app on your smartphone and use the cellular network, not WLAN) and try it out by connecting to:
ssh bob@example123.no-ip.com
When I try to connect to example123.no-ip.com from my home network, it doesn't work!
If it isn't working, your router might either be so old that it does not support "NAT reflection" (a fancy name for saying: an internal PC cannot send packets to the external IP of the router), or it is so new that it tries to prevent "DNS rebinding" (an attack technique where the attacker tells your browser to connect to something on the internal network).
The FritzBox tries to prevent "DNS rebinding", but you can override this setting for specific domains under "Home Network" -> "Network" -> "Network Settings". Just enter your No-IP.com domain (or whatever dynamic DNS provider you use) into the "DNS rebind protection" box.