Remote Access

#1 10th October 2007, 12:47 PM

Hi guys

I want to be able to access my linux box over the internet. so for example i want to be able to login to my machine from my campus network via ssh. what should i do to start ?

I have had ssh server mentioned.

all help all advice appreciated

urzasrage · #2 10th October 2007, 01:08 PM

ssh would work but it depends on your internet setup at home
Is your box at home directly connected to the internet or is it behind a router?

A good read for ssh server setup was provided by Firewing1
http://forums.fedoraforum.org/showthread.php?t=94257

#3 10th October 2007, 01:22 PM

Hi urz

I am not directly connected to the internet, I am wired to a router.

XTCHost · #4 11th October 2007, 01:03 AM

Heres a way of doing something....... I have just done it on my friends system and got it working with a little trial

Open a terminal and log in as root try su - (not sure what the - does but without it on some sytems you are not a "real" root user so I always now use that rather than just su

You should now see [root@localhost ~]#

Now install ssh by using this command

yum install openssh openssh-clients openssh-server pam_ssh pam_abl

Followed by:-

chkconfig sshd on (not sure what happens if you get a negative result)

Followed by:-

service sshd restart

This should set the pc up for ssh on port 22 - to change this I opened sshd_config using

gedit /etc/ssh/sshd_config

If you do not use gedit you can use vi

vi /etc/ssh/sshd_config

Add this line

Port 2222 (use any no. higher tham 1000)

below

#Port 22

And save, probably best to restart sshd using

service sshd restart

You now have to open the port you changed to mine was 2222 - you do this by opening up the firewall SELinux settings in your desktop GUI and open the port no you used. You should now be able to ssh from a computer behind your router. if using windows to ssh into Linux try using a program called putty - http://www.chiark.greenend.org.uk/~sgtatham/putty/

If that works, your good to go live. I am presumming that the linux pc is behind the router not the pc you are trying to connect from

To get access from the outside the router you need to create port forwarding on the router - on a Belkin it is called a virtual server. enter the inbound port no range, I tried 2222 - 2222 but I am not sure it worked so changed it to 2221 - 223 and it now works ok. Set the private port to the same settings and enable.

This should in theory work..... If it does not try relabeling your SELinux, you can do this by using the SELinux Admin tool from the GUI - I use Gnome, not sure about KDE. You then need to reboot

I got my system working using various combos of the above, hope this helps, most of it is from various posts on these forums that I have trawled through. Sorry if it is a little ABC in description but I find that sometime we get help and I dont fully understand it all - But its great to have the help.

PS If any of you "clever" guys can help with CLI commands rather than using the GUI I would appreciate it.

I am learning, slowly......

Zotter · #5 11th October 2007, 08:09 AM

Just setup your router to forward port 22 traffic from the I-net to your Linux box. Such configurations are pretty easy to accomplish using most home user router's web configuration tools.

then from a school PC run:
ssh -X <user>@<Home IP>

Assuming your school PC is a linux system. If not, do a quick google search for 'ssh putty' and download putty for windows. Provides a neat, free ssh client for windows. May also want to look for WinSCP - 'filezilla' like SCP client for secure file transfer using a GUI.

Of course, if your ISP provides you with a dynamic IP at home - well, the services of an outfit like dyndns.org would help. Then you could substitute <domain.name> for <Home IP> on your connect string.

By the way, that '-X' will forward X clients to your local server (in this case, the 'client' is your home PC and the server is the PC at school. Obviously, you'll need an X server on the school PC!). So you could, after logging in from school, type in something like 'firefox' and get a browser that's actually running on your home PC. Now, you could also setup VNC and even better yet, setup VNC to run over an SSH tunnel. Many ways to go here.

Now, if you want to protect your home sshd server from scans, crackers and general trash - just install and use something like 'denyhosts'. You can mung the port it listens on - but that's what's called 'security by obscurity' - look it up.

Also a good idea to setup iptables with some connection limiting - avoid floods. And enabling syn_cookies would help too.

You can even go a tad further, make sure you disable 'root' logins in /etc/ssh/sshd_config and use certificates for logins. No passwords! That makes for some real security.

http://denyhosts.sourceforge.net/

OralDeckard · #6 12th October 2007, 12:26 PM

"... try su - (not sure what the - does but without it on some sytems you are not a "real" root user so I always now use that rather than just su"

What the - does is make /root the home folder for your temporary use of root. Without it you are still "real root," you just still have your user folder as your home folder. Often leaving the - off is best. It is an option.

.:neogeo:. · #7 12th October 2007, 02:03 PM

hey keatonvictor,

This sounds like what you need! http://www.linux.com/feature/119446 ... also you might want to harden your ssh configuration ie. add a list of allowed user accounts that are allowed to connect, dont permit root access, setup max authentication tries etc and restrict access by using iptables to filter out IP address. HTCHost is correct by suggestin using an other port than 22 since all of the automated scanning tools test the 'known ports'.