LinuxQuestions.org
Old 07-18-2006, 06:54 PM   #1
asilentmurmur
Member
 
Registered: Mar 2005
Posts: 206

Rep: Reputation: 30
How do i configure guarddog so i can use SSH remotely and ping my box?


Hey everyone

Here is the deal. I am currently running Slack 10.2 with Guarddog as my firewall. I have SSH set up on my system. I want to be able to connect via SSH remotely to my computer. When I tried to ping my home computer remotely, the ping request timed out on me! Also, I was not able to SSH from remote to my Linux box. I suspect this is an issue with the firewall configuration. How do I go about configuring Guarddog so that I can ping my Linux box AND SSH to it from a remote location?
 
Old 07-19-2006, 04:42 AM   #2
uselpa
Senior Member
 
Registered: Oct 2004
Location: Luxemburg
Distribution: Slackware, OS X
Posts: 1,507

Rep: Reputation: 46
How is your home PC connected to the internet? Is there a router which has a built-in firewall?
 
Old 07-19-2006, 05:19 AM   #3
asilentmurmur
Member
 
Registered: Mar 2005
Posts: 206

Original Poster
Rep: Reputation: 30
Well, my computer is connected to the internet via DSL. My desktop runs a cat5 cable to the router/modem that my ISP provided me with. I do not know if the actual router/modem has a built-in firewall. I did port-forward port 22 and configure it for SSH in my router using the router configuration page. SSH works when I disable Guarddog. But when Guarddog is re-enabled, no computer is able to ping or SSH into my computer.

Last edited by asilentmurmur; 07-19-2006 at 05:20 AM.
 
Old 07-19-2006, 08:14 AM   #4
stitchman
Member
 
Registered: Dec 2005
Distribution: Slackware 13.1
Posts: 82

Rep: Reputation: 15
I can't help you with guarddog, but I want to recommend that if your router supports it, forward a different port for ssh. What I mean is, make it so when you remotely ssh in, you are aiming at a port other than 22, such as 422, or 8022, or any non-standard ssh port. Have the router then forward that traffic to port 22 on your computer. I say this because there are a lot of script kiddies out there with brute force password guessers; you will see all their attempts in /var/log/messages.

Also, since you are using a software firewall along with your hardware firewall (router), I assume you are the paranoid type (a good thing), so you will want to edit /etc/ssh/sshd_config and add something like this:
Code:
AllowGroups users
AllowUsers <your username>
DenyGroups root bin daemon apache (etc...)
DenyUsers root bin daemon apache (etc...)
These two precautions should make it harder for someone to randomly find your computer (with nmap looking for port 22 open on a set of IP addresses), and if they do guess your "secret" port for ssh they won't be able to try to log in as root with a password guesser.

I hope I helped a bit, though I know nothing about guarddog.
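
Added example (not part of the post above): a shell function that counts the failed SSH password attempts the post says appear in the log, grouped by source address, so a password-guessing run stands out from a single mistyped password. The sample log lines, host name and addresses are constructed; pass the real log path (the post names /var/log/messages) as the first argument.

```shell
#!/bin/sh
# Added example: summarise failed SSH password attempts per source address.

# Write constructed sample sshd log lines (not real data) to the file in $1.
write_sample_log() {
    cat > "$1" <<'EOF'
Jul 19 03:12:44 darkstar sshd[2311]: Failed password for root from 203.0.113.7 port 41822 ssh2
Jul 19 03:12:47 darkstar sshd[2313]: Failed password for invalid user admin from 203.0.113.7 port 41830 ssh2
Jul 19 03:12:51 darkstar sshd[2315]: Failed password for illegal user test from 203.0.113.7 port 41844 ssh2
Jul 19 03:12:55 darkstar sshd[2317]: Failed password for root from 203.0.113.7 port 41851 ssh2
Jul 19 08:30:02 darkstar sshd[2410]: Failed password for alice from 198.51.100.20 port 50022 ssh2
Jul 19 08:30:09 darkstar sshd[2410]: Accepted password for alice from 198.51.100.20 port 50022 ssh2
EOF
}

# $1 = log file, $2 = minimum number of failures to report (default 3).
# Prints "count address user1,user2,..." with the busiest source first.
ssh_failures_by_ip() {
    awk -v min="${2:-3}" '
        # Fields are read from the end of the line ("... from IP port N ssh2")
        # because the user name is attacker-supplied text.
        /sshd\[[0-9]+\]: Failed password for / && NF > 5 &&
        $(NF-4) == "from" && $(NF-2) == "port" {
            ip = $(NF-3); user = $(NF-5)
            count[ip]++
            if (!seen[ip, user]++)
                users[ip] = users[ip] (users[ip] ? "," : "") user
        }
        END {
            for (ip in count)
                if (count[ip] >= min) print count[ip], ip, users[ip]
        }
    ' "$1" | sort -rn
}

# Demo on the constructed sample; prints: 4 203.0.113.7 root,admin,test
log=$(mktemp)
write_sample_log "$log"
ssh_failures_by_ip "$log" 3
rm -f "$log"
```

The single failed login from 198.51.100.20 stays below the default threshold of 3, so only the repeated guesser is reported.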
 
Old 07-19-2006, 10:58 AM   #5
uselpa
Senior Member
 
Registered: Oct 2004
Location: Luxemburg
Distribution: Slackware, OS X
Posts: 1,507

Rep: Reputation: 46
For Guarddog, it works as follows:
- go to the "Protocol" tab
- in "Defined Network Zones" choose "Local"
- in the "Zone Properties" part expand "Interactive Session"
- check the checkbox that is at the intersection of line "SSH - Remote Login Protocol" and column "Internet" (the checkmark must correspond to the one that is shown next to the label "protocol is permitted")
- finally, Apply these rules

What you did this way is that you said that the Local zone (i.e. your machine) serves SSH to clients in zone Internet.
 
Old 08-03-2006, 12:57 AM   #6
asilentmurmur
Member
 
Registered: Mar 2005
Posts: 206

Original Poster
Rep: Reputation: 30
You said:
Quote:
can't help you with guarddog, but I want to recommend that if your router supports it, forward a different port for ssh. What I mean is, make it so when you remotely ssh in, you are aiming at a port other than 22, such as 422, or 8022, or any non-standard ssh port. Have the router then forward that traffic to port 22 on your computer. I say this because there are a lot of script kiddies out there with brute force password guessers; you will see all their attempts in /var/log/messages.
How do I do that? My router has the standard SSH port forwarded for SSH, and when I connect with an SSH client to this computer, I am using the standard port. I tried connecting with another port but it was to no avail. Could you explain to me step by step what I should do there? I am pretty much a n00b at life lol
 
  

