02-26-2011, 09:56 PM
Jason Hsu

How do you remotely access a home server/network?

I've learned how to turn an old computer into a firewall and DHCP server for my tiny home network.

I understand that I can install an SSH server on this machine so that I can access it from outside. Once I have this SSH server connected to the Internet, how do I access it from another location? I have DSL broadband service, but I don't think I have a static IP address.

--
Jason Hsu <jhsu802701@jasonhsu.com>


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/20110226165610.c5e0b4c1.jhsu802701@jasonhsu.com
 
02-26-2011, 10:01 PM
Andrei Popescu

On Sb, 26 feb 11, 16:56:10, Jason Hsu wrote:
> I've learned how to turn an old computer into a firewall and DHCP server for my tiny home network.
>
> I understand that I can install an SSH server on this machine so that
> I can access it from outside. Once I have this SSH server connected
> to the Internet, how do I access it from another location? I have DSL
> broadband service, but I don't think I have a static IP address.

There are several free dynamic DNS services for this.

Regards,
Andrei
--
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic
 
02-26-2011, 10:07 PM
Ron Johnson

On 02/26/2011 05:01 PM, Andrei Popescu wrote:
> On Sb, 26 feb 11, 16:56:10, Jason Hsu wrote:
> > I've learned how to turn an old computer into a firewall and DHCP server for my tiny home network.
> >
> > I understand that I can install an SSH server on this machine so that
> > I can access it from outside. Once I have this SSH server connected
> > to the Internet, how do I access it from another location? I have DSL
> > broadband service, but I don't think I have a static IP address.
>
> There are several free dynamic DNS services for this.

You'll also need to learn port forwarding.

--
I prefer banana-flavored energy bars made from tofu.


Archive: http://lists.debian.org/4D6987A6.9010306@cox.net
 
02-26-2011, 10:11 PM
Slicky Johnson

On Sat, 26 Feb 2011 16:56:10 -0600
Jason Hsu <jhsu802701@jasonhsu.com> wrote:

> I've learned how to turn an old computer into a firewall and DHCP
> server for my tiny home network.
>
> I understand that I can install an SSH server on this machine so that
> I can access it from outside. Once I have this SSH server connected
> to the Internet, how do I access it from another location? I have
> DSL broadband service, but I don't think I have a static IP address.
>

Best bet is to set yourself up with a free account at
http://www.dyndns.com/ then install and configure ddclient. That
will report your IP so you only need to remember what you've
set up on dyndns. Let's say you pick jason.homelinux.net... Next you
would most likely want to move the port openssh server is listening on
from 22 to something else. We'll say 32123. Next you would run:

ssh -p 32123 username@jason.homelinux.net

That should do it.

The reason to move away from 22 is to give yourself an added buffer of
security for port sweeps by the script kiddies. Of course there are
other dns services and other programs like ddclient. However, it's what
I've used over the last couple of years and works fine for me.


Archive: http://lists.debian.org/20110226181108.3cd25c2f@t61.debian-linux
 
02-26-2011, 10:12 PM
Aaron Toponce

On 02/26/2011 03:56 PM, Jason Hsu wrote:
> I've learned how to turn an old computer into a firewall and DHCP server for my tiny home network.
>
> I understand that I can install an SSH server on this machine so that I can access it from outside. Once I have this SSH server connected to the Internet, how do I access it from another location? I have DSL broadband service, but I don't think I have a static IP address.

Open up port 22 in your firewall, and find out what your IP address is.
If you don't have a static IP, you can check out many of the dynamic DNS
services available, such as dyndns.org.

You could also install OpenVPN, and get full unfettered access to your
internal home network. Of course, you would have to punch open port 1194
to get access.

Either way, you're exposing your internal network to the Internet if you
don't have good security procedures in place. Have a strong password (I
recommend http://passwordcard.org), chroot jail your daemon, use remote
logging, and take advantage of strict firewalls. In other words, lock it
down.

--
. o . o . o . . o o . . . o .
. . o . o o o . o . o o . . o
o o o . o . . o o o o . o o o
 
02-26-2011, 10:46 PM
Brian

On Sat 26 Feb 2011 at 16:12:33 -0700, Aaron Toponce wrote:

> Either way, you're exposing your internal network to the Internet if you
> don't have good security procedures in place. Have a strong password (I
> recommend http://passwordcard.org), chroot jail your daemon, use remote
> logging, and take advantage of strict firewalls. In other words, lock it
> down.

If the strong password is being used by only one person (which appears
to be the case here) in what sense is it lacking if it is the only
security in place? Doesn't it give sufficient lockdown?


Archive: http://lists.debian.org/20110226234625.GB7935@desktop
 
02-26-2011, 11:18 PM
Slicky Johnson

On Sat, 26 Feb 2011 23:46:25 +0000
Brian <ad44@cityscape.co.uk> wrote:

> On Sat 26 Feb 2011 at 16:12:33 -0700, Aaron Toponce wrote:
>
> > Either way, you're exposing your internal network to the Internet
> > if you don't have good security procedures in place. Have a strong
> > password (I recommend http://passwordcard.org), chroot jail your
> > daemon, use remote logging, and take advantage of strict firewalls.
> > In other words, lock it down.
>
> If the strong password is being used by only one person (which appears
> to be the case here) in what sense is it lacking if it is the only
> security in place? Doesn't it give sufficient lockdown?
>
>

Well this thread could certainly go on forever.

Jason, also have a look at the Securing Debian Manual with attention on
ssh. Perhaps removing passwords altogether and only using a key, no
root, etc. From experience I will say moving your listening port from
22 to something else will keep your logs fairly clear. Internet-facing
machine I'm looking at right now only had 8 packets hit 22 yesterday.
Dropped of course and not by chance from the same Chinese IP.


Archive: http://lists.debian.org/20110226191813.42059955@t61.debian-linux
 
02-27-2011, 12:49 AM
shawn wilson

On Feb 26, 2011 7:18 PM, "Slicky Johnson" <slickyjohnson@gmail.com> wrote:
>
> On Sat, 26 Feb 2011 23:46:25 +0000
> Brian <ad44@cityscape.co.uk> wrote:
>
> > On Sat 26 Feb 2011 at 16:12:33 -0700, Aaron Toponce wrote:
> >
> > > Either way, you're exposing your internal network to the Internet
> > > if you don't have good security procedures in place. Have a strong
> > > password (I recommend http://passwordcard.org), chroot jail your
> > > daemon, use remote logging, and take advantage of strict firewalls.
> > > In other words, lock it down.
> >
> > If the strong password is being used by only one person (which appears
> > to be the case here) in what sense is it lacking if it is the only
> > security in place? Doesn't it give sufficient lockdown?
>
> Well this thread could certainly go on forever.


I agree with this. And there are a few harden* packages that help prevent you from installing absolute crap.


My only real addition to this is get familiar with how to add deny rules to iptables. Then, every time pam reports that ssh got a bad pass and you didn't do it, block it.


I also wouldn't use a gateway box for anything other than snort and forwarding traffic. Get another crappy box for ssh (if you do openvpn you might have to upgrade though).


> Jason, also have a look at the securing Debian manual with attention on
> ssh. Perhaps removing passwords all together and only using a key, no
> root, etc. From experience I will say moving your listening port from
> 22 to something else will keep your logs fairly clear. Internet facing
> machine I'm looking at right now only had 8 packets hit 22 yesterday.
> Dropped of course and not by chance from the same Chinese IP.


Yeah, if you set up snort on an external box you get to see all the people who scan the internet every day.


Also, if your ip changes too often, I'd just email it to me when it changes. However, my current isp hasn't changed my ip since I got the service a year ago so I just trust that they're not going to change it on me at random.
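
The log-driven blocking suggested in the post above, as an added example that is not part of the thread: it counts sshd "Failed password" lines per source address and returns iptables deny commands for sources you do not recognise as your own. The log lines are constructed, it reads sshd's own messages rather than PAM's, and the `mine` allowlist, `threshold` and function names are assumptions of this example.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the format sshd writes to /var/log/auth.log.
SAMPLE_LOG = """\
Feb 26 23:01:10 gw sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Feb 26 23:01:13 gw sshd[2101]: Failed password for invalid user test from 203.0.113.7 port 40112 ssh2
Feb 26 23:01:19 gw sshd[2104]: Failed password for root from 203.0.113.7 port 40150 ssh2
Feb 26 23:05:41 gw sshd[2110]: Failed password for jason from 198.51.100.20 port 51522 ssh2
Feb 26 23:05:48 gw sshd[2110]: Accepted password for jason from 198.51.100.20 port 51522 ssh2
Feb 26 23:09:02 gw sshd[2117]: Failed password for invalid user x from 192.0.2.1 port 1 ssh2 from 2001:db8::5 port 40200 ssh2
"""

# The user name is chosen by the client and may contain " from <addr> port ...",
# so match greedily and anchor at the end, where sshd appends the real source.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+ ssh2$")


def failed_sources(log_text):
    """Count failed password attempts per validated source address."""
    counts = Counter()
    for line in log_text.splitlines():
        match = FAILED.search(line)
        if not match:
            continue
        try:
            counts[ipaddress.ip_address(match.group(1))] += 1
        except ValueError:
            continue  # not an address: never copy raw log text into a rule
    return counts


def deny_rules(log_text, mine=(), threshold=1, port=22):
    """Return iptables commands for sources that are not in `mine`."""
    own = {ipaddress.ip_address(a) for a in mine}
    rules = []
    for addr, hits in sorted(failed_sources(log_text).items(), key=lambda kv: str(kv[0])):
        if addr in own or hits < threshold:
            continue
        tool = "iptables" if addr.version == 4 else "ip6tables"
        rules.append(f"{tool} -I INPUT -s {addr} -p tcp --dport {port} -j DROP")
    return rules


if __name__ == "__main__":
    print("\n".join(deny_rules(SAMPLE_LOG, mine=["198.51.100.20"])))
```

The commands are only returned as strings so they can be reviewed before being run as root; pass `port=32123` if sshd was moved as suggested earlier in the thread.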
 
02-27-2011, 02:59 AM
Andrew McGlashan

Hi,

Jason Hsu wrote:
> I've learned how to turn an old computer into a firewall and DHCP server for my tiny home network.

Which distro are you using?

> I understand that I can install an SSH server on this machine so that I can access it from outside. Once I have this SSH server connected to the Internet, how do I access it from another location? I have DSL broadband service, but I don't think I have a static IP address.


My suggestion is to use a dedicated firewall machine with as little on
that as needed, absolute minimum. No ssh on this server.


Use port forwarding to a box running just ssh (no other public
services); consider ONLY port forwarding from trusted IP addresses if
possible.


On the ssh server ensure you use AllowGroups in your ssh setup,
/bin/false is not suitable to secure ssh logins [1]. Also consider
logins only with certificates (if you can). Consider NOT allowing root
access, you can always sudo or su to root if needed. Consider if you
need tunneling enabled on your ssh server.


Ensure, if allowing password logins via ssh that you have a nice long
and secure password. Simple or short passwords offer little or no security.


There are lots more things to consider, but the above should give you a
good start.


[1] http://www.semicomplete.com/articles/ssh-security/

--
Kind Regards
AndrewM

Andrew McGlashan
Broadband Solutions now including VoIP


Archive: http://lists.debian.org/4D69CC20.7030504@affinityvision.com.au
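
A check for the sshd settings listed in the post above, as an added example that is not part of the thread. It assumes the advice maps to the sshd_config keywords AllowGroups, PermitRootLogin, PasswordAuthentication and AllowTcpForwarding; the sample file is constructed, and it shows why hardening lines appended after an earlier setting of the same keyword have no effect.

```python
# Constructed sshd_config: the admin appended hardening lines at the end of a
# file that already set the same keywords near the top.
SAMPLE_CONFIG = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
# hardening added later:
PermitRootLogin no
PasswordAuthentication no
Match Address 192.168.1.0/24
    AllowTcpForwarding no
"""

# Keyword -> value matching the post's suggestions (this mapping is an assumption).
WANTED = {
    "PermitRootLogin": "no",
    "PasswordAuthentication": "no",
    "AllowTcpForwarding": "no",
}


def global_settings(text):
    """Return {keyword: args} for the global section of an sshd_config."""
    seen = {}
    for raw in text.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        key = parts[0].lower()  # keywords are case-insensitive
        if key == "match":
            break  # Match blocks apply conditionally; not evaluated here
        seen.setdefault(key, parts[1:])  # sshd keeps the first value it reads
    return seen


def audit(text):
    """List settings that differ from WANTED or are left to the default."""
    cfg = global_settings(text)
    findings = []
    if not cfg.get("allowgroups"):
        findings.append("AllowGroups: not set")
    for keyword, want in WANTED.items():
        have = cfg.get(keyword.lower())
        if have is None:
            findings.append(f"{keyword}: not set, built-in default applies")
        elif not have or have[0].lower() != want:
            findings.append(f"{keyword}: {' '.join(have)} (wanted {want})")
    return findings
```

On a live system, `sshd -T` prints the effective configuration and is the authoritative check; this parser only reads the global section of the file.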
 
02-27-2011, 07:23 AM
Andrei Popescu

On Sb, 26 feb 11, 18:11:08, Slicky Johnson wrote:
>
> The reason to move away from 22 is to give yourself an added buffer of
> security for port sweeps by the script kiddies.

IMVHO, I disagree. Moving a service away from its default port does not
bring additional security, just less noise in the logs.

Regards,
Andrei
--
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic
 
