It sounds like to me your friend is using a router to access the internet…
The router acts as a firewall too, and provides services to other users on the router - so that malicious users “outside” can only hit your friend’s internet link on acceptable ports - but not computers on the other side of the firewall… Note : also - some ISP’s block ports (my ISP in Australia doesn’t) so you can’t run servers (e.g. http, ssh, ftp) for outside users.
So - your friend’s external / public IP address from their ISP is probably allocated to the router/firewall. The IP address of your friend’s Ubuntu/Lubuntu machine will be a “private” address, and not routable or addressable from the internet, probably 192.168.x.x, or 10.x.x.x, or 172.x.x.x… So your friend’s router needs to know how to reach the Linux machine.
I have two ways I, or a friend, can login to my Linux machines at home, via SSH.
Method 1.
I have a port forwarding rule on my router. I picked one port “at random” (but actually one that I know my work allows out), and then on my router (Netcomm brand) I’ve got a port forward rule that forwards that port - let’s call it “10222” to port 22 on my Raspberry Pi server’s “internal” IP address - note - this Raspberry Pi has a fixed IP address (hardcoded - but - it’s also “reserved” on the DHCP server on the firewall / router device).
I also have a free DDNS (dynamic DNS) service my router gets a DNS name from (as my IP address is not fixed) - let’s call it “bling.freedns.org” (I used to do this a sillier way before, when another ISP I was with didn’t support any decent DDNS providers - I’d run a cronjob on one of my Linux machines that checked if the external IP address changed [basically “curl icanhazip.com”], and if it did, emailed me the new IP address).
So - from ouside, just about anywhere that allows external access on port 10222 :
ssh mysusername@bling.freedns.org:10222
(and in most cases I have a line in my ~/.ssh/config file with “Port 10222” - so I can just “ssh myusername@bling.freedns.org
”)
Method 2.
But - I also installed OpenVPN on that raspberryPi - and - I have another port forward rule that portforwards from my router, the port that OpenVPN uses (I think it’s 1194)…
So I just fire up an OpenVPN client using my OpenVPN *.ovpn profile file - and - when I’m connected I can SSH to any other computer on my network - but - I need to know what those “private” internal IP addresses are.
Method “1” looks longer and wordier, but - it’s far simpler than method “2”.
Note : if you’re going to be “listening” for SSH connections on your external public facing ISP supplied IP address - you should do these things :
- Don’t LISTEN on port 22
- Ensure the default Ubuntu behaviour of no SSH access for “root” is in place
- Run “fail2ban” (I haven’t installed it on Ubuntu, but it’s in the debian repos - “sudo apt install fail2ban” - you don’t even have to configure anything, it works “out of the box”)
Your friend should probably do the same on their equipment.