[Server-devel] Trying to access a school server from the outside world

[Gonzalo Odiard]

Hi,
I am trying to help Sora who installed a XSCE, and we need
configure some of the services.
What is the best way to access remotely?
It's possible do ssh to the external ip or is blocked in some way?
Anything else?

-- 
Gonzalo Odiard

SugarLabs - Software for children learning
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel

[Server-devel] White list on xsce

[Gonzalo Odiard]

There are a white list configured in the xsce server?
If yes, how can be changed?
Thanks,

-- 
Gonzalo Odiard

SugarLabs - Software for children learning
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel

Re: [Server-devel] Trying to access a school server from the outside world

[James Cameron]

There was talk of OpenVPN earlier, many months ago.

If you must open SSH, use a port number chosen randomly, ensure
password authentication is turned off, and make sure there's no way
for the kids to create .ssh/authorized_keys files.

The next problem is changes to IP address.  When both ends of the link
have dynamic addresses, I use an SSH relay.

On the XSCE instance create this script:

#!/bin/sh
while true; do
socat -t5 \
tcp:relay.example.com:20934,forever,interval=10,fork \
tcp:localhost:22
sleep 1
done

And then ensure it is run, e.g. using /etc/rc.d/rc.local or some other
method.

On your SSH server relay.example.com, run this command:

socat \
tcp-listen:23016,reuseaddr,fork \
tcp-listen:20934,reuseaddr,retry=10

On your local system, edit .ssh/config to contain:

Host fred
Hostname relay.example.com
Port 23016
User root
ConnectTimeout 300

And then connect by typing ssh fred.

The resulting connection to sshd appears to come from localhost.

It can be a bit slower than normal.

-- 
James Cameron
http://quozl.linux.org.au/
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel