LinuxQuestions.org
Old 03-27-2004, 07:38 AM   #1
nadsab
Member
 
Registered: Mar 2004
Posts: 30

Rep: Reputation: 15
Dynamic DNS for remote telnet ssh logins?


Hi,

My home ADSL ISP provides only dynamic, not static, IP addressing. I would like to be able to telnet ssh from my home PC into a remote co-located Linux server and limit root logins on that server only from a specific IP address (namely my home PC), to improve security. Would setting up an account with someone like a Dynamic DNS service such as dyndns.org or http://www.tzo.com/ to get a static IP from them allow me to do this? Or are dynamic DNS accounts only for the purpose of allowing others to access my home PC for web or other services on the home PC itself?

If a Dynamic DNS service would allow me to accomplish my hoped-for scenario, can anyone please direct me to any documentation, books, sites etc. as to how to set it up, including recommendations, security issues to consider, etc. Would doing this place my PC or the server at risk?

Or is there a better way to accomplish this other than with Dynamic DNS?

Thanks for any info.

Last edited by nadsab; 03-27-2004 at 08:08 AM.
 
Old 03-27-2004, 09:54 AM   #2
TBC Cosmo
Member
 
Registered: Feb 2004
Location: NY
Distribution: Fedora 10, CentOS 5.4, Debian 5 Sparc64
Posts: 352

Rep: Reputation: 43
I would just disable root logins period. Put your own remote account in the wheel group and su to root when you connect.
 
Old 03-27-2004, 10:10 AM   #3
nadsab
Member
 
Registered: Mar 2004
Posts: 30

Original Poster
Rep: Reputation: 15
Yes I can't login to root from scratch, I have to login as a regular user first, THEN su - to root which I do from home. Is that what you mean?
 
Old 03-27-2004, 10:42 AM   #4
TBC Cosmo
Member
 
Registered: Feb 2004
Location: NY
Distribution: Fedora 10, CentOS 5.4, Debian 5 Sparc64
Posts: 352

Rep: Reputation: 43
Disable root logins in your co-lo box by editing sshd_config there. Then put your non-priv co-lo user account into the wheel group. Then ssh to co-lo as normal user and then su to root.
 
Old 03-27-2004, 10:57 AM   #5
nadsab
Member
 
Registered: Mar 2004
Posts: 30

Original Poster
Rep: Reputation: 15
I think that's what I do now. I'm not familiar with the term wheel group - can you elaborate a bit or point me to docs on wheel group?

I do know it's not possible to login to my server as root without first logging in as a normal user and then doing a su -

At any rate I would still like input as to how to accomplish setting up a static IP address for my home PC using an outside service, for other reasons as well.

Last edited by nadsab; 03-27-2004 at 11:00 AM.
 
Old 03-27-2004, 11:00 AM   #6
TBC Cosmo
Member
 
Registered: Feb 2004
Location: NY
Distribution: Fedora 10, CentOS 5.4, Debian 5 Sparc64
Posts: 352

Rep: Reputation: 43
If you already can su to root, then no need to add to wheel. Wheel group members can su to root.
 
Old 03-27-2004, 11:02 AM   #7
nadsab
Member
 
Registered: Mar 2004
Posts: 30

Original Poster
Rep: Reputation: 15
OK that's great thanks very much for that info TBC Cosmo, looks like it's set up OK. I still hope for input from anyone as to how to accomplish setting up a static IP address for my home PC which is networked to a dynamic IP by my ISP.

By the way, I cannot disable root logins. I need remote root access and need to filter logins by IP address.

Last edited by nadsab; 03-27-2004 at 11:20 AM.
 
Old 03-27-2004, 11:21 AM   #8
TBC Cosmo
Member
 
Registered: Feb 2004
Location: NY
Distribution: Fedora 10, CentOS 5.4, Debian 5 Sparc64
Posts: 352

Rep: Reputation: 43
Doesn't ssh'ing in then su'ing to root accomplish the root access need? The reason I ask is that enabling a user called root to ssh in is not good practice.
 
Old 03-27-2004, 11:29 AM   #9
nadsab
Member
 
Registered: Mar 2004
Posts: 30

Original Poster
Rep: Reputation: 15
Yes it does and that is how the server is set up.

Now that that has been established, how would I set up my home PC with a static IP address? So that I would be the only one able to login to a server via SSH telnet?

I want to add an extra measure of security.

Last edited by nadsab; 03-27-2004 at 11:45 AM.
 
Old 03-27-2004, 11:46 AM   #10
TBC Cosmo
Member
 
Registered: Feb 2004
Location: NY
Distribution: Fedora 10, CentOS 5.4, Debian 5 Sparc64
Posts: 352

Rep: Reputation: 43
Hmm, ok you can use tcpwrappers to allow by hostname in your case. With the dyndns account, you can put sshd : ALL : deny and in hosts.allow, you should be able to do sshd : host.domain.name : allow. That should work, I never tried it like that, only by IP address. But in the docs it says you can allow or deny by hostname.
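
An added example, not part of any post in this thread: tcp_wrappers normally compares a hostname pattern with the name it gets by reverse lookup of the connecting address, which on a home ADSL line is usually the ISP's name rather than the dyndns one, so this sketch forward-resolves the dynamic name and maintains an IP-based rule instead. Assumptions: sshd is linked against libwrap, `sshd : ALL` is already in /etc/hosts.deny, and the host name and marker comment are placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): keep an IP-based sshd rule in hosts.allow
# in step with a dynamic DNS name. Pair it with "sshd : ALL" in /etc/hosts.deny.
# DDNS_HOST and the marker comment are placeholders chosen for this example.
DDNS_HOST="${DDNS_HOST:-myhome.example.org}"
ALLOW_FILE="${ALLOW_FILE:-/etc/hosts.allow}"
MARK="# ddns-managed: the next line is rewritten by this script"

# Accept only a full dotted quad. hosts_access treats "203.0.113." as a whole
# network and ALL as a wildcard, so neither may come from a DNS answer.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Write "sshd : <ip>" under the marker in file $1 for address $2.
# Returns 0 if the file changed, 1 if it was already current, 2 on bad input.
update_allow() {
    file=$1; ip=$2; rule="sshd : $ip"
    valid_ipv4 "$ip" || return 2
    [ -f "$file" ] || : > "$file" || return 2
    current=$(awk -v m="$MARK" 'f {print; exit} $0 == m {f = 1}' "$file")
    [ "$current" = "$rule" ] && return 1
    tmp=$(mktemp "$file.XXXXXX") || return 2
    # Drop the old marker and its rule, keep everything else, append the new pair.
    awk -v m="$MARK" '$0 == m {skip = 1; next} skip {skip = 0; next} {print}' \
        "$file" > "$tmp"
    printf '%s\n%s\n' "$MARK" "$rule" >> "$tmp"
    chmod 644 "$tmp" && mv "$tmp" "$file"   # rename is atomic on one filesystem
}

# Forward-resolve the dynamic name; prints the first IPv4 address or nothing.
resolve_ipv4() {
    getent ahostsv4 "$1" | awk 'NR == 1 {print $1}'
}

# Run from cron on the server as: <this script> --apply
if [ "${1:-}" = "--apply" ]; then
    update_allow "$ALLOW_FILE" "$(resolve_ipv4 "$DDNS_HOST")"
    [ "$?" -ne 2 ] || { echo "no usable address for $DDNS_HOST" >&2; exit 1; }
fi
```

Between a change of the home address and the next run, the old address stays allowed and the new one is refused, so the cron interval bounds both windows.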
 
Old 03-27-2004, 11:53 AM   #11
nadsab
Member
 
Registered: Mar 2004
Posts: 30

Original Poster
Rep: Reputation: 15
OK great thanks

So I guess my question is more PC side than server side. I guess I'm not asking the right question.

If I were to set up a static IP with dyndns or some other service like that, for my home PC only, how would I do that?

What do I have to do? Do I install software onto my PC provided by the dyndns service?

I guess what I am looking for are detailed web based instructions as to how to set my home PC up for having a static IP address without paying more to my internet service provider for the static IP. I could not find any in the FAQs for the above two services on their sites.

Once I figure out how to have my home PC set up on a static IP, then I can go through my Linux books as to how to limit telnet connections by IP.

And also what I am wondering, when I do this, is my internet connection from that point on known by that static IP address the dyndns service would provide? And does using an outside dynamic name server service pose any security risks for my home PC?

Last edited by nadsab; 03-27-2004 at 11:57 AM.
 
  


All times are GMT -5.
