# How to SSH to Your Local Computer from Anywhere via Mobile, Based on FRP Implementation Don't know how to set it up? Install Codex on both your server and computer (if you don't know how, ask GPT; just type commands in the terminal). Then paste this document into Codex and let it configure everything for you. If you really can't figure it out, just contact me: telegram=https://t.me/desci0 x=https://x.com/123olp (P.S.: Paid setup service available) # 📌 Prerequisites Before deploying the FRP server and client, please ensure you have the following environment and tools. These prerequisites are necessary for the FRP tunnel to function correctly. ## 1. Basic Environment Requirements ### ✔ A permanently online **AWS EC2 instance** * Recommended OS: Ubuntu 20.04/22.04 (this article uses Ubuntu as an example) * Must have a public IP address (AWS provides this by default) * Requires permission to modify security group rules (to open FRP ports) Purpose: To act as the FRP server (frps), providing a fixed access point for your Windows computer. ## 2. An internet-connected **Windows computer** * Windows 10 or Windows 11 * Requires normal user privileges (but some configurations need administrator privileges) * **OpenSSH Server** must be installed Purpose: To act as the FRP client (frpc), automatically connecting to AWS regardless of the network it's on. ## 3. Required Software / Repositories to Download ### ✔ FRP (Fast Reverse Proxy) Official Repository Address: ``` https://github.com/fatedier/frp ``` Version used in this deployment: ``` frp_0.58.1 ``` Download Page: ``` https://github.com/fatedier/frp/releases ``` Needed to download: * Linux version (for AWS) * Windows version (for local computer) ## 4. Required Software to Install ### ✔ Windows: OpenSSH Server + OpenSSH Client Installation Path: ``` Settings → Apps → Optional features → Add a feature ``` Purpose: Provides SSH login capability, allowing FRP to forward SSH to Windows. ## 5. Terminal Tool ### ✔ Termius (Recommended) * Used to connect to your Windows via SSH from your phone or computer * Supports generating SSH keys * Supports managing multiple hosts You must use Termius to generate the SSH private key (because you've enabled "key-only login"). Official Download: ``` https://termius.com ``` ## 6. Network and Port Requirements The following ports must be open in the AWS Security Group: | Port | Purpose | Required | | :---------------------------------------- | :------------------------- | :------- | | **FRP Control Port** (e.g., 1234 or 114514) | frpc → frps connection | ✔ Required | | **SSH Mapping Port** (e.g., 12345 or 114515) | Termius → Windows SSH | ✔ Required | If using UFW (Ubuntu Firewall), also need: ``` sudo ufw allow /tcp sudo ufw allow /tcp ``` ## 7. Public Key / Private Key Preparation (Key Login Required) You need to prepare in advance: * SSH private key generated by Termius (local) * SSH public key generated by Termius (needs to be placed in Windows' `authorized_keys`) This deployment has disabled password login, so **the private key must be kept secure, otherwise you will not be able to log in to Windows**. ## 8. Basic Linux Operation Skills Needs knowledge of the following basic commands (very simple): ``` cd /path nano / vim / notepad chmod / chown ps -ef | grep ss -lnpt nohup & tail -f ``` All covered in your document, no extra requirements. # 📌 Summary of Prerequisites (Final Version) ``` Must have: - AWS EC2 (Ubuntu, with public IP) - Windows computer (OpenSSH Server installed) - Termius (for SSH + key generation) - FRP (Download Linux + Windows versions) - AWS security group has FRP control port and SSH mapping port open - Termius generated SSH key pair ``` As long as the above prerequisites are met, your FRP tunnel, SSH key login, and cross-network remote access to your computer will 100% work correctly. If you wish, I can also help you: * String the entire document into a professional, formalized, integrated tutorial * Add "Scope, Version Description, Architecture Overview Diagram, Flowchart" to your document * Provide a systemd service template for FRP deployment * Provide a background frpc auto-start script for Windows (more reliable) Let me know if you need any of these! # FRP Server Deployment Guide This guide documents the FRP server configuration and operation methods on the current AWS EC2 (Ubuntu) instance, for future maintenance or reconstruction. ## Basic Information - Working directory: `/home/ubuntu/.frp` - FRP version: `frp_0.58.1_linux_amd64` - Executable: `/home/ubuntu/.frp/frp_0.58.1_linux_amd64/frps` - Configuration file: `/home/ubuntu/.frp/frp_0.58.1_linux_amd64/frps.ini` - Log file: `/home/ubuntu/.frp/frps.log` - Startup script: `/home/ubuntu/.frp/start_frps.sh` - Listening ports: - Control port `bind_port = 1234` - SSH mapping port `12345` - Token: `123456` ## Installation Steps 1. Create directory and download FRP: ```bash mkdir -p /home/ubuntu/.frp cd /home/ubuntu/.frp wget https://github.com/fatedier/frp/releases/download/v0.58.1/frp_0.58.1_linux_amd64.tar.gz tar -zxf frp_0.58.1_linux_amd64.tar.gz ``` 2. Create configuration `/home/ubuntu/.frp/frp_0.58.1_linux_amd64/frps.ini`: ```ini [common] bind_port = 1234 token = 123456 ``` 3. Write startup script `/home/ubuntu/.frp/start_frps.sh` (ready): ```bash #!/usr/bin/env bash set -euo pipefail BASE_DIR="$(cd "$(dirname "$0")" && pwd)" FRP_DIR="$BASE_DIR/frp_0.58.1_linux_amd64" FRPS_BIN="$FRP_DIR/frps" CONFIG_FILE="$FRP_DIR/frps.ini" LOG_FILE="$BASE_DIR/frps.log" if ! [ -x "$FRPS_BIN" ]; then echo "frps binary not found at $FRPS_BIN" >&2 exit 1 fi if ! [ -f "$CONFIG_FILE" ]; then echo "Config not found at $CONFIG_FILE" >&2 exit 1 fi PIDS=$(pgrep -f "frps.*frps\.ini" || true) if [ -n "$PIDS" ]; then echo "frps is running; restarting (pids: $PIDS)..." kill $PIDS sleep 1 fi echo "Starting frps with $CONFIG_FILE (log: $LOG_FILE)" cd "$FRP_DIR" nohup "$FRPS_BIN" -c "$CONFIG_FILE" >"$LOG_FILE" 2>&1 & sleep 1 PIDS=$(pgrep -f "frps.*frps\.ini" || true) if [ -n "$PIDS" ]; then echo "frps started (pid: $PIDS)" else echo "frps failed to start; check $LOG_FILE" >&2 exit 1 fi ``` ## Start and Stop - Start/Restart: ```bash cd /home/ubuntu/.frp bash ./start_frps.sh ``` - Check process: `ps -ef | grep frps` - Check listening: `ss -lnpt | grep 1234` - View logs: `tail -n 50 /home/ubuntu/.frp/frps.log` - Stop (if manual): `pkill -f "frps.*frps.ini"` ## Security Group and Firewall - AWS Security Group (sg-099756caee5666062) needs to open inbound TCP 1234 (FRP control) and 12345 (SSH mapping). - If using ufw, execute: ```bash sudo ufw allow 1234/tcp sudo ufw allow 12345/tcp ``` ## Remote Client Requirements - In Windows `frpc.ini`, `server_addr` points to this EC2 public IP, `server_port=1234`, `remote_port=12345`, token matches server. - Termius/SSH client uses `ssh lenovo@ -p 12345`, authentication method is key (private key generated by Termius Keychain). ## Maintenance Suggestions - FRP official has indicated that INI format will be deprecated in the future; subsequent upgrades recommend switching to TOML/YAML. - `start_frps.sh` can be registered as a systemd service to ensure automatic startup after instance reboot. - Regularly check `frps.log` for abnormal connections or errors, and ensure the token is not leaked. FRP Windows Client Configuration Guide ================================ Last Updated: 2025-12-05 Applicable Environment: Windows 10/11, user lenovo, OpenSSH Server already installed on this machine. I. Directories and Files - FRP Program Directory: C:\frp\ - frpc.exe - frpc.ini (client configuration) - start_frpc.bat (background startup script) - SSH Keys: - Private key: C:\Users\lenovo\.ssh\666 - Public key: C:\Users\lenovo\.ssh\666.pub - Administrator authorized public key: C:\ProgramData\ssh\666_keys II. frpc.ini Content (currently effective) [common] server_addr = 13.14.223.23 server_port = 1234 token = 123456 [ssh] type = tcp local_ip = 127.0.0.1 local_port = 22 remote_port = 12345 III. Startup and Autostart 1) Manual foreground verification (optional) PowerShell: cd C:\frp .\frpc.exe -c frpc.ini 2) Background quick start Double-click C:\frp\start_frpc.bat 3) Startup autostart (simple way) Copy start_frpc.bat to the Startup folder: C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup Automatically starts in the background on next login. IV. SSH Connection Method - Terminal command: ssh -i "C:\Users\lenovo\.ssh\666" -p 12345 lenovo@13.14.223.23 - Termius entry: Host 13.14.223.23 Port 12345 User lenovo Key Select C:\Users\lenovo\.ssh\666 (no passphrase) V. Permissions and Security - Private key permissions restricted to lenovo, SYSTEM readable. - sshd has password login disabled (PasswordAuthentication no), key-only. - Administrator group users use C:\ProgramData\ssh\666_keys as the authorization list. VI. Common Checks - Check frpc running: Task Manager or netstat -ano | findstr 1234 - Check frpc logs (WSL version, if needed): /tmp/frpc-wsl.log - Test SSH: If the above ssh command returns ok, it's working. VII. Troubleshooting Quick Reference - "Permission denied (publickey)": * Confirm 666 public key is in C:\ProgramData\ssh\666_keys * Confirm private key path/permissions are correct. - "Connection refused": frps not running or ports 1234/12345 not open. - frpc not connecting: Run frpc in foreground to check prompts, or check if server_addr, token in frpc.ini match. Termius (Mobile) Connection Steps: 1. Create Host - Host (Address): 13.14.223.23 - Port: 12345 - Label can be customized (e.g., FRP-Home) 2. Authentication method select Key - In Authentication, select Key - Click Import Key (or "From file/paste") - Import the content of the local private key 666 (it is recommended to transfer it securely to the mobile phone and then paste it; if Termius supports importing from a file, select that file). The private key content is at PC path: C:\Users\lenovo\.ssh\666 (plain text, starting with -----BEGIN OPENSSH PRIVATE KEY-----). - Leave Passphrase empty (this key has no passphrase). 3. Username - Username: lenovo 4. Save and Connect - Accept the fingerprint prompt on first connection. 5. Optional Security Measures - Set a local encryption password for this private key in Termius (App-layer protection). - If it is inconvenient to copy the private key, you can generate a new key on the mobile end and append its public key to C:\ProgramData\ssh\666_keys, but currently 666 is already usable, just import as above. One-click startup command (execute in current administrator PowerShell) # Allow, prevent blocking & direct foreground startup Add-MpPreference -ExclusionPath "C:\frp" Unblock-File C:\frp\frpc.exe cd C:\frp .\frpc.exe -c frpc.ini If you want to start in the background (without occupying a window): cd C:\frp Start-Process -FilePath ".\frpc.exe" -ArgumentList "-c frpc.ini" -WindowStyle Hidden Need autostart on boot (highest privilege): schtasks /Create /TN "FRPClient" /TR "C:\frp\frpc.exe -c C:\frp\frpc.ini" /SC ONLOGON /RL HIGHEST /F /RU lenovo