LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 06-28-2015, 12:48 AM   #1
toker5000
LQ Newbie
 
Registered: Jun 2015
Posts: 3

Rep: Reputation: Disabled
Question Creating a usergroup and users for friends VPN usage. (deb7)


Hi, i subscribed to a VPS with average specifications, on which i installed Debian 7, apache2, mysql, php and wordpress because i want to learn to make websites for friends etc., however this isn't the focus of my question today.

I want to connect to the server with another user account, i currently login with root 100% of the time, i don't think its good practice. I use google-auth PAM, and want the other users to be required to use it.

i just finished installing OpenVPN following a digitalocean guide (not my vps provider but they have plenty of straightforward guides that are helpful).

I tried logging in with a user i made but i could not login even after changing his password from root account.

Any help?
 
Old 06-28-2015, 05:51 PM   #2
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,258

Rep: Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947
You created a vpn user or a regular user on the system? What VPN software did you install? What do your friends need the VPN for? If it's just for web browsing you can do it far easier and far less intrusively with a simple ssh proxy.
 
Old 06-28-2015, 06:39 PM   #3
toker5000
LQ Newbie
 
Registered: Jun 2015
Posts: 3

Original Poster
Rep: Reputation: Disabled
Just want my friends to get access to us netflix library. Canada doesnt have much.

Vpn software? I mentioned openvpn.

Will try going the proxy route.
 
Old 06-28-2015, 06:59 PM   #4
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,258

Rep: Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947
Didn't catch that.

Anyway, OpenVPN "users" are not like Linux "users". They're special accounts with keys that only work through OpenVPN. An OpenVPN client doesn't have a Linux account that they can log into, and vice versa, unless you specifically create both accounts for them.

As for an ssh proxy, just run this:
Code:
ssh -f -C -ND9999 user@host
google-chrome --proxy-server="socks://localhost:9999" http://whatismyip.com
That command will automatically open whatismyip.com, which is useful so you can compare the IP to your system's normal public IP, to confirm that the traffic through that web browser is actually going through the tunnel.

Your friends can do the same with their own accounts. You don't even need real accounts with shell access on the host, a jailkit account with no shell access can still use it for ssh proxy tunneling. You can do it on Windows systems too through Cygwin, the syntax is almost identical. Make a script to run it and then put it in a shortcut, and they can run the shortcut just like they can any other, to create the tunnel and open chrome automatically, provided the necessary ssh keys are set up to allow authentication without a password.

I do this when I'm on the road all the time. My home server is in the US, and when I'm out of the country I just tunnel home and watch Netflix with normal privileges.

The nice thing about doing it this way is ONLY the traffic through that one web browser will go through the tunnel. Everything else works normally through the user's normal internet connection. So it doesn't screw up local shares, printers, etc. like a VPN does. And you don't need to worry about subnet conflicts.

Last edited by suicidaleggroll; 06-28-2015 at 07:05 PM.
 
Old 06-28-2015, 11:59 PM   #5
toker5000
LQ Newbie
 
Registered: Jun 2015
Posts: 3

Original Poster
Rep: Reputation: Disabled
Thank you for the help,

if i expect someone from outside to connect to netflix using an ipad or a windows computer, i assume the procedure will be different, will try looking that up.

i'm also using google-authenticator, is it possible NOT to use google-auth for these jailkit/proxy accounts?

i will check a guide to make a proper non-root account for my own use (so i haveto use su or sudo like I should)

will do that during the day tomorrow, i'll let you know how that went.

 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
upgrading deb6 to deb7 ext4 Fred Caro Linux - Newbie 4 11-03-2013 09:47 PM
[SOLVED] PAM allow one usergroup and root from specified ip hakkis Linux - Software 21 08-03-2012 08:19 AM
Creating a VPN server compatible with Cisco VPN hardware? illuminatedwax Linux - Networking 0 08-14-2011 10:56 PM
Cannot find adduser, usergroup command wisdom Fedora 11 08-15-2009 06:08 PM
strict usergroup ?? how to ?? help plz Mr.Bingles Linux - Networking 0 06-07-2004 02:03 AM


All times are GMT -5. The time now is 06:41 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration