Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Introduction to Linux - A Hands on Guide
This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.
Click Here to receive this Complete Guide absolutely free.
i have a linux server runnig oracle applications.
i need to access this server from putty using ssh through internet.
i did by registering my static ip with the dnydns.org and i am able to connect to the server.
but now there is no security to authenticate any user as any one knowing the password can login to it.
i thought of configuring the firewall of linux server but the client ip`s are not static and they change continiously.
so thought of keeping one more pc between the server and the router which will do the work of authenticating. but i am confuse as how to configure it to allow the packets coming from the internet after authenticating and to by pass the packets generated from internal LAN?
i have heared abut freeradius package but i am not sure will it work in my case?
I am confused by when you say you have a static IP, is that the server or the machine you are connecting from? If it's the machine you are connecting from the following lines should be able to do this for you
please note you should substitute xxx.xxx.xxx.xxx for your IP. There is an alternative method to this but this is more expandable, this will only work if you are connecting in from a single external IP, there are ways to do ranges too but this is just for a single static IP. Also you say other people have passwords to this server? are these user accounts or oracle accounts? Oracle accounts shouldn't have SSH access. There might be more to be done with these accounts then just blocking SSH access....
Really this should be in the Security Forum not the Newbie forum, heh.
Last edited by r3sistance; 02-08-2010 at 10:50 AM.
Introducing an extra firewalling layer won't help you much if
the authentication stays the same. Another option would be to
just use an ssh-passphrase for you local machine, and use
passwordless ssh connections to the box, denying password authentication
all together. Just got to make sure your putty data (your windows
profile) is safe from others.
I would also recommend using a strong passphrase for your private key. If you load your private key into putty's keygen program, it will print out an openssh compatible public key. Also consider using a non standard port for ssh. It will reduce the noise level of brute force attacks from script kiddies and compromised computers.
i am using a linux server. i am using putty to accesss it from my local lan. i have registered my ip on dyns and able to access it from internet from any machine.
so now problem is that any one having the username and password of the users can access it. i want a package so that it will allow extra authentication for the users trying to access it from the internet. for this i will be be implementing an extra linux machine in between the server and the router. i cannot implement any software installation on the client. whenever he logins from putty he should be asked extra authentication and then only his packets must be forwarded to the servers 22 port.
can u suggest me some package or idea to implement this????
i have a linux enterprise server running oracle apps and other services. i have opened a port in the router in such a way that i am able to access my server remotely from internet.
now i want a package or settings that would grant access to people who i want by giving them additional password and usernames as i cannot track their ip`s as they keep changing dynamically as they log in from datacards nor i can use mac based configuration of firewall.
so now i need a system that would be common for all the users using any software like putty or toad or any package to acess my server. it should use basically some authentication technique.
i thought of using private and public key but it will work only with putty and not with toad..
i have heared about freeradius but i am not able to use it as i am not getting any proper notes or documentation which i can follow...