Re: [gentoo-user] Reaching my network over the internet
> > Hello, I'd like to ssh into my network over the internet. Do I need to set up VPN for that? Can anyone point me in the right direction?
> >
> > - Grant
>
> no, you just type:
>
> ssh my.network.com
>
> Depending on your setup you will probably need to set your firewall/router to forward port 22 to the machine you want to log into. Also make sure your ssh server is set up securely.

I really don't have any idea where to start here. Does anyone know of an online guide (preferably in Gentoo context) that would help?

- Grant

-- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Reaching my network over the internet
On 29 Dec 2005, at 17:28, Grant wrote:

> > ... you just type:
> >
> > ssh my.network.com
> >
> > Depending on your setup you will probably need to set your firewall/router to forward port 22 to the machine you want to log into. Also make sure your ssh server is set up securely.
>
> I really don't have any idea where to start here. Does anyone know of an online guide (preferably in Gentoo context) that would help?

How is your network connected to the internet?

http://www.google.com/search?ie=utf8&oe=utf8&q=port+forwarding

The first link looks fairly useful.

Stroller.
Re: [gentoo-user] Reaching my network over the internet
If you are looking to reach your gentoo computer, consider sshd. You can search the gentoo wiki for help docs for setup and usage.

http://www.gentoo-wiki.com

On 12/29/05, Stroller wrote:

> On 29 Dec 2005, at 17:28, Grant wrote:
>
> > > ... you just type:
> > >
> > > ssh my.network.com
> > >
> > > Depending on your setup you will probably need to set your firewall/router to forward port 22 to the machine you want to log into. Also make sure your ssh server is set up securely.
> >
> > I really don't have any idea where to start here. Does anyone know of an online guide (preferably in Gentoo context) that would help?
>
> How is your network connected to the internet?
>
> http://www.google.com/search?ie=utf8&oe=utf8&q=port+forwarding
>
> The first link looks fairly useful.
>
> Stroller.
Re: [gentoo-user] Reaching my network over the internet
> > > ... you just type:
> > >
> > > ssh my.network.com
> > >
> > > Depending on your setup you will probably need to set your firewall/router to forward port 22 to the machine you want to log into. Also make sure your ssh server is set up securely.
> >
> > I really don't have any idea where to start here. Does anyone know of an online guide (preferably in Gentoo context) that would help?
>
> How is your network connected to the internet?
>
> http://www.google.com/search?ie=utf8&oe=utf8&q=port+forwarding
>
> The first link looks fairly useful.
>
> Stroller.

That helped a lot. I have a high-number port on the router forwarding to one of my systems. How can I access the forwarded-to service from a random point on the Internet? I need something static to represent my router on the Internet. I've tried using the IP address that is used for me externally when I'm browsing but it doesn't work. I use cable internet service and I think that IP address is used for many different customers.

- Grant
Re: [gentoo-user] Reaching my network over the internet
On 29 Dec 2005, at 22:30, Grant wrote:

> > How is your network connected to the internet?
> >
> > http://www.google.com/search?ie=utf8&oe=utf8&q=port+forwarding
> >
> > The first link looks fairly useful.
> >
> > Stroller.
>
> That helped a lot. I have a high-number port on the router forwarding to one of my systems. How can I access the forwarded-to service from a random point on the Internet? I need something static to represent my router on the Internet. I've tried using the IP address that is used for me externally when I'm browsing but it doesn't work. I use cable internet service and I think that IP address is used for many different customers.

I have heard of ISPs NATting their customers, but I think it would be pretty unusual these days.

Does the high-port forward to port 22 on your PC? Or is the PC listening for ssh? See /etc/ssh/sshd_config for that one.

How are you testing ssh'ing to your external IP address? Doing so from inside the LAN won't work - you're better port-scanning yourself by visiting Shields Up! at http://grc.com

You can get a hostname which will resolve to your dynamic IP at http://dyndns.com - there are some free utilities which you can run to do the updating.

Stroller.
Re: [gentoo-user] Reaching my network over the internet
> > > How is your network connected to the internet?
> > >
> > > http://www.google.com/search?ie=utf8&oe=utf8&q=port+forwarding
> > >
> > > The first link looks fairly useful.
> > >
> > > Stroller.
> >
> > That helped a lot. I have a high-number port on the router forwarding to one of my systems. How can I access the forwarded-to service from a random point on the Internet? I need something static to represent my router on the Internet. I've tried using the IP address that is used for me externally when I'm browsing but it doesn't work. I use cable internet service and I think that IP address is used for many different customers.
>
> I have heard of ISPs NATting their customers, but I think it would be pretty unusual these days.
>
> Does the high-port forward to port 22 on your PC? Or is the PC listening for ssh? See /etc/ssh/sshd_config for that one.
>
> How are you testing ssh'ing to your external IP address? Doing so from inside the LAN won't work - you're better port-scanning yourself by visiting Shields Up! at http://grc.com
>
> You can get a hostname which will resolve to your dynamic IP at http://dyndns.com - there are some free utilities which you can run to do the updating.
>
> Stroller.

Also, what should I do about securing ssh? I'm using a high port number. Is there other special configuration I should be using? I'm using the standard sshd_config except for the high port number specification.

- Grant
Re: [gentoo-user] Reaching my network over the internet
> > > How is your network connected to the internet?
> > >
> > > http://www.google.com/search?ie=utf8&oe=utf8&q=port+forwarding
> > >
> > > The first link looks fairly useful.
> > >
> > > Stroller.
> >
> > That helped a lot. I have a high-number port on the router forwarding to one of my systems. How can I access the forwarded-to service from a random point on the Internet? I need something static to represent my router on the Internet. I've tried using the IP address that is used for me externally when I'm browsing but it doesn't work. I use cable internet service and I think that IP address is used for many different customers.
>
> I have heard of ISPs NATting their customers, but I think it would be pretty unusual these days.
>
> Does the high-port forward to port 22 on your PC? Or is the PC listening for ssh? See /etc/ssh/sshd_config for that one.
>
> How are you testing ssh'ing to your external IP address? Doing so from inside the LAN won't work - you're better port-scanning yourself by visiting Shields Up! at http://grc.com
>
> You can get a hostname which will resolve to your dynamic IP at http://dyndns.com - there are some free utilities which you can run to do the updating.
>
> Stroller.

I had that screwed up. I was using /etc/ssh/ssh_config instead of sshd_config. So I should leave ssh_config alone? Working great now!

- Grant
Re: [gentoo-user] Reaching my network over the internet
> You can get a hostname which will resolve to your dynamic IP at http://dyndns.com - there are some free utilities which you can run to do the updating.

There is also no-ip.com. Both no-ip and dyndns update clients are in the portage tree, so no worries there.

Sorry for the repetitive mail.

--
Ryan Viljoen
Bsc(Eng) (Electrical)

When you say "I wrote a program that crashed Windows", people just stare at you blankly and say "Hey, I got those with the system, for free". - Linus Torvalds, 1995
Re: [gentoo-user] Reaching my network over the internet
On 29 Dec 2005, at 23:18, Grant wrote:

> Also, what should I do about securing ssh? I'm using a high port number. Is there other special configuration I should be using? I'm using the standard sshd_config except for the high port number specification.

Using a high port number isn't terribly helpful - it's just security through obscurity and if someone were to port-scan you with all nmap's options turned on they'd surely figure out you were running ssh on that port.

Since SSH is encrypted there's not much you need to do to secure it. I disable root logins via ssh with PermitRootLogin no to save the password of one known account from being guessable or brute forced.

If you want to be paranoid you can restrict logins to known keys, I think. A bit of homework will tell you more about that - I usually just add known secure machines to ~/.ssh/authorized_keys2 to save me typing a password when shelling around my LAN stuff.

Stroller.
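An added example, not part of any post in this thread: a small auditor for the sshd_config settings raised above (high port, PermitRootLogin, password logins). The fallback defaults are an assumption based on current OpenSSH releases, the sample configs are constructed, and only the global section before any Match block is read.

```python
import re

# Assumed defaults of current OpenSSH when a keyword is absent; older releases differ.
DEFAULTS = {"permitrootlogin": "prohibit-password", "passwordauthentication": "yes"}

# Constructed sample: a stock-looking config where only the port was changed.
SAMPLE = """\
Port 48022
#PermitRootLogin no
PermitRootLogin yes
permitrootlogin no
"""

# Constructed sample with the settings suggested in the thread applied.
HARDENED = "Port 48022\nPermitRootLogin no\nPasswordAuthentication no\n"


def parse(text):
    """Return ({keyword: first value}, [ports]) from the global section."""
    opts, ports = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # commented-out settings have no effect
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) < 2:
            continue
        key, value = parts[0].lower(), parts[1].strip().strip('"')
        if key == "match":
            break  # everything after Match is conditional; only globals are audited
        if key == "port" and value.isdigit():
            ports.append(int(value))  # Port may be given several times
        elif key != "port":
            opts.setdefault(key, value.lower())  # sshd keeps the first value it reads
    return opts, ports or [22]


def audit(text):
    """List the weaknesses named in the thread that this config still has."""
    opts, ports = parse(text)
    root = opts.get("permitrootlogin", DEFAULTS["permitrootlogin"])
    password = opts.get("passwordauthentication", DEFAULTS["passwordauthentication"])
    findings = []
    if root != "no":
        findings.append("PermitRootLogin %s: root is reachable over ssh" % root)
    if password != "no":
        findings.append("PasswordAuthentication yes: passwords can be brute forced")
    if 22 in ports:
        findings.append("Port 22: expect constant automated login attempts")
    return findings
```

On the constructed sample the later `permitrootlogin no` line has no effect because the earlier `PermitRootLogin yes` is read first, and the high port alone clears neither finding.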
Re: [gentoo-user] Reaching my network over the internet
On Sun, 16 Oct 2005 21:27:22 -0400, Dave Nebinger wrote:

> Unless you really feel comfortable with your own security infrastructure, your best bet is to edit your /etc/ssh/sshd_config file and change the port number to only something you'd think of in the higher range of port numbers.

Disabling password logins will also help, although it is not practical for everyone.

--
Neil Bothwick

How is it possible to have a civil war?
[gentoo-user] Reaching my network over the internet
Hello, I'd like to ssh into my network over the internet. Do I need to set up VPN for that? Can anyone point me in the right direction?

- Grant
Re: [gentoo-user] Reaching my network over the internet
no, you just type:

ssh my.network.com

Depending on your setup you will probably need to set your firewall/router to forward port 22 to the machine you want to log into. Also make sure your ssh server is set up securely.

On Sun, 16 Oct 2005 09:59:53 -0700 Grant wrote:

> Hello, I'd like to ssh into my network over the internet. Do I need to set up VPN for that? Can anyone point me in the right direction?
>
> - Grant

--
Nick Rout
Re: [gentoo-user] Reaching my network over the internet
On Sunday 16 October 2005 09:18 pm, Nick Rout wrote:

> no, you just type:
>
> ssh my.network.com
>
> Depending on your setup you will probably need to set your firewall/router to forward port 22 to the machine you want to log into. Also make sure your ssh server is set up securely.

This last statement really needs to be highlighted for all of the newbies out there...

Just opening port 22 will expose your system to attempted break-ins. If you look at your authorize.log (or relevant log depending upon your syslog config), you'll see after a couple of days different systems accessing ssh and trying to log in as root and/or other users.

Unless you really feel comfortable with your own security infrastructure, your best bet is to edit your /etc/ssh/sshd_config file and change the port number to only something you'd think of in the higher range of port numbers.

It will still be open, you'll still be able to hit the box from anywhere outside your network, but the different port number ensures that random port scans and break-in attempts will be significantly lower than if you just tried to use standard port #22.
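An added example, not from the post above: counting the failed ssh logins that message describes, per source address, from sshd lines in the system auth log. The log lines are constructed in the form OpenSSH normally writes through syslog; the log file's name and location depend on your syslog configuration.

```python
import re
from collections import defaultdict

# Constructed sample lines; the fourth has a user name made to look like a source address.
SAMPLE_LOG = """\
Oct 16 21:30:01 box sshd[4121]: Failed password for root from 203.0.113.7 port 40112 ssh2
Oct 16 21:30:03 box sshd[4121]: Failed password for invalid user admin from 203.0.113.7 port 40113 ssh2
Oct 16 21:30:05 box sshd[4122]: Failed password for root from 203.0.113.7 port 40115 ssh2
Oct 16 21:31:10 box sshd[4130]: Failed password for invalid user a from 10.0.0.1 port 1 from 198.51.100.23 port 3301 ssh2
Oct 16 21:40:00 box sshd[4200]: Accepted publickey for grant from 192.0.2.10 port 51000 ssh2
"""

# The user name is supplied by the client and may contain spaces, so the user
# group is greedy and the address is taken from the LAST " from ... port ..." pair.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (invalid user )?(.*) from (\S+) port \d+ ssh2$")


def failed_logins(log_text):
    """Map source address -> {'attempts': n, 'users': set, 'root': bool}."""
    stats = defaultdict(lambda: {"attempts": 0, "users": set(), "root": False})
    for line in log_text.splitlines():
        match = FAILED.search(line.rstrip())
        if not match:
            continue  # successful logins and unrelated messages are ignored
        invalid, user, source = match.groups()
        entry = stats[source]
        entry["attempts"] += 1
        entry["users"].add(user)
        if user == "root" and not invalid:
            entry["root"] = True  # guessing against the one account every box has
    return dict(stats)


def noisy_sources(log_text, threshold=3):
    """Sources with at least `threshold` failed password attempts."""
    return sorted(src for src, entry in failed_logins(log_text).items()
                  if entry["attempts"] >= threshold)
```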
Re: [gentoo-user] Reaching my network over the internet
On Sun, 16 Oct 2005 21:27:22 -0400 Dave Nebinger wrote:

> On Sunday 16 October 2005 09:18 pm, Nick Rout wrote:
>
> > no, you just type:
> >
> > ssh my.network.com
> >
> > Depending on your setup you will probably need to set your firewall/router to forward port 22 to the machine you want to log into. Also make sure your ssh server is set up securely.
>
> This last statement really needs to be highlighted for all of the newbies out there...
>
> Just opening port 22 will expose your system to attempted break-ins. If you look at your authorize.log (or relevant log depending upon your syslog config), you'll see after a couple of days different systems accessing ssh and trying to log in as root and/or other users.
>
> Unless you really feel comfortable with your own security infrastructure, your best bet is to edit your /etc/ssh/sshd_config file and change the port number to only something you'd think of in the higher range of port numbers.

Yes or just leave it where it is on that box and get your firewall to forward your high port to port 22 on the machine you want to log into.

> It will still be open, you'll still be able to hit the box from anywhere outside your network, but the different port number ensures that random port scans and break-in attempts will be significantly lower than if you just tried to use standard port #22.

--
Nick Rout
Re: [gentoo-user] Reaching my network over the internet
On Sunday, 16.10.2005, at 21:27 -0400, Dave Nebinger wrote:

> On Sunday 16 October 2005 09:18 pm, Nick Rout wrote:
>
> > no, you just type:
> >
> > ssh my.network.com
> >
> > Depending on your setup you will probably need to set your firewall/router to forward port 22 to the machine you want to log into. Also make sure your ssh server is set up securely.
>
> This last statement really needs to be highlighted for all of the newbies out there...
>
> Just opening port 22 will expose your system to attempted break-ins. If you look at your authorize.log (or relevant log depending upon your syslog config), you'll see after a couple of days different systems accessing ssh and trying to log in as root and/or other users.

Just wanted to second that strongly. I'm hooking up firewalls to the net pretty much on a daily basis. The average time it takes until the first random port scan hits a brand new box is 15 seconds - at least within the areas my customers reside. BTW my highscore is 2 seconds ;-) So running SSH on high-ports plus using RSA for me is pretty much a must. Anyway - the preferred way to remotely access a box should be via VPN IMHO.

> Unless you really feel comfortable with your own security infrastructure, your best bet is to edit your /etc/ssh/sshd_config file and change the port number to only something you'd think of in the higher range of port numbers.
>
> It will still be open, you'll still be able to hit the box from anywhere outside your network, but the different port number ensures that random port scans and break-in attempts will be significantly lower than if you just tried to use standard port #22.

--
Kind regards
Heinz Sporn
SPORN it-freelancing
Mobile: ++43 (0)699 / 127 827 07
Website: http://www.sporn-it.com
Snail: Steyrer Str. 20, A-4540 Bad Hall, Austria / Europe