connecting two linux boxes remotely
Greetings,

I am trying to connect box A to box B. Following is a little schema of what I have:

Box A: Slackware 14.1 on network W (work location)
Box B: Slackware 14 current on network H (home location)

So far, I tend to send the files (I think) I need via email or just pass them on a USB stick and then do the rest at home; often I find that I need more files (or have forgotten something) and I have to either go back to the office or wait for the next day.

I read about 'Remmina Remote Desktop Connection' and it seems a feature-rich package, but then, since I'm not network savvy, I thought that KRDC should do/be enough for what I need: just connect to my work PC/desktop so that I can grab some files and work from home.

I have been trying to learn this for years and it has never been easy. Recently, I tried to give it another go and was reading/following this thread https://www.linuxquestions.org/quest...ks-4175544739/ but then realized how old it was and couldn't find a more recent (solved) similar topic. I just don't seem to grasp the whole concept of client/server, port forwarding, port triggering, port filtering, desktop sharing, IP port, PC port, etc.

Is there a Linux networking for dummies tutorial somewhere? Is the help and setting mentioned in the thread above still valid today?

Regards,

P.S.: The main question would be, why would anyone take their work home? I guess it is more of a personal challenge now (since I have been coping with it for many years)
|
If you can't reach both from the outside, but can still reach one from the other, then you'll have to have a reverse tunnel set up in SSH first. If you can't reach either one then it is still possible but will either be more work or cost a little or both. |
I would love to get it done, but since it's not of any urgency and mostly just personal learning, I was wondering if anyone could point me to a good Linux networking book/tutorial. I guess I will still manage to get my work home the 'old-fashioned way' and maybe once/if I learn the long and still complex process I will try to do it 'the savvy way'. Of course, suggestions about the connections are welcome.

Regards
|
Networking is rather a broad topic and you'd dig for months before being able to craft a file access method. I'd recommend just aiming for file access and picking up the knowledge for that as a start.
On your home computer, does the outside address that your router reports match the one seen on the outside by http://canyouseeme.org/ or similar services? If so, then you can do port forwarding to your home computer and then still use SFTP to reach it and, via a reverse tunnel, the one at work too. |
Does your work know you would be connecting one of their servers to your home PC/server? Something to consider. If there is no issue with this, I suspect it would be easier to open your home firewall and set up an sftp server, or simply ssh and connect from your work server/pc to your home server/pc. If connected via ssh, you could use rsync for file copies.
|
Thanks

P.S.: Could the outside address that my router reports have been different? How? And why? And any differences?
|
OK, since the router's reported outside address and the one actually observed from the outside match, it means that you can do port forwarding and use SFTP to reach your home computer. It also means that, later, technically you can set up a reverse tunnel and go the opposite direction, too. But first with the basic SFTP.

1. Set up OpenSSH-server on your home computer and verify that you can log in via the home LAN from another computer
2. Set up key-based authentication and then, after having verified that, turn off password authentication for SSH
3. Set up port forwarding and verify that you can log in via the ever-changing outside address
4. Sign up for a Dynamic DNS account and enter that info into your router or home computer

Once you can connect with SSH, you get SFTP as part of the deal. And there is a wide range of SFTP clients, including your distro's own file manager.

The Dynamic DNS account is necessary to map a static host name to your outside address if you get your IP address via DHCP. It works by running a client from your LAN which phones home and updates the DNS entry for your host name to match the one in use at the moment by your router. The alternative is to look up your router's external number every day before leaving and then use that when connecting back to home.

The outside address could be different if there are several layers of NAT between your home and the Internet. See Carrier Grade NAT. NAT is an unfortunate hack often needed to share more computers across a smaller number of IPv4 addresses.

OK. Now there are a bunch of terms to look up. :)
|
Before I try anything, I forgot to post before that I tried to gFTP my home PC (since I am at work now) and an authentication window popped up asking for a username for the site (which obviously I don't know/have).
|
As you have posted, networking between two computers requires all that client/server, port forwarding, IP addresses kind of stuff.
It depends on your company's network firewall and security policies. Have you talked to your IT person? I assume you have no control over your company's firewall, so direct access to your work computer from home is not possible unless there is a VPN or you can set up a reverse ssh tunnel. If you can ping your home's WAN IP address there is a good chance you can set up a reverse tunnel or be able to access your home computer remotely. |
FTP is not the same as SFTP despite the similarities in names. FTP should be avoided. It is insecure and very difficult to set up. SFTP is quite secure and rather easy to set up.
About being sure of connecting to the right machine, SSH (and thus SFTP) will print the server's (your home PC's) fingerprint when you first connect so you can verify that you are connecting to the right one. Search about verifying SSH host keys for more info. |
Thanks for now and will get back soon |
OK folks,

back home and excited to read about all those techy/geeky words.

First things first: I realized that Slackware current (my home PC, x64) has, by default, disabled the ssh login; so I was learning how to fix this from this thread https://www.linuxquestions.org/quest...sh-4175593478/ which of course pointed to another page and I happily landed here http://docs.slackware.com/howtos:security:sshkeys

So, apparently, this is a very secure way to allow ssh logins; however, when I looked at sshd.config every line is commented out (#) except these:
Quote:

Nevertheless, following the info on the slackware/howtos page, I created the key pair and tomorrow I will copy the public key on my work computer and keep the private key on my home box (if I understand right, this is the way to avoid unwanted fingers digging where they are not allowed, for example if, let's say, one of my employees knows how to use ssh and the console - not an IT company so I doubt any of them can).

I remember that before leaving work today, I tried to connect to the ssh server on my work PC (Slackware 14.1, x32 - so I guess it wasn't disabled by default) with
Code:
# ssh root@192.168.0.xxx

Am I missing something so far? Or making a big salad in my head?
|
You're on the right track. There's not a dot in the configuration file name, it's /etc/ssh/sshd_config and other names will be ignored. That said, PermitRootLogin needs to be set to something other than 'yes'.

It's strongly recommended to turn off remote root access:
Code:
PermitRootLogin no
Code:
PermitRootLogin without-password

I'd make sure the keys work over the LAN first, from a second machine, and then double check to be sure that remote root access is turned off. Then test against the external IP address if you can.
|
WOW! I can't believe it was that simple. I guess networking over Linux has improved a lot in the last 10 years or I haven't tried hard enough in the past. Or maybe it's just the beginning!

OK so, after creating the key pair on my home PC (Slack current x64) I opened another laptop (box C, also running Slackware current) but apparently ssh was not disabled by default as I learned on my home PC; in fact on box C I ran
Code:
# ssh 192.168.0.xxx

Nevertheless, without having to copy the public key from box B to box C as suggested here http://docs.slackware.com/howtos:security:sshkeys the two computers started loving each other and I can ssh each other back and forth.

Besides the technicality (anomaly) of this happy finding, how do I connect now to box A remotely (work PC, which I left on with the purpose of night testing)?

Regards,

Just to recap and to avoid scrolling down to the beginning:
box A: work computer on Slackware 14.1 32bit
box B: home desktop on Slackware current, 64bit
box C: home laptop on Slackware current, 64bit
|
Excellent. From about 20 years ago I remember reminding people that it is not necessarily easy but if it is hard something has gone wrong.
1. ssh-keygen -f ~/.ssh/box-a.ed25519 -C "from box C" -t ed25519
2. ssh-copy-id -i ~/.ssh/box-a.ed25519 you@192.168.0.xxx
3. ssh-add ~/.ssh/box-a.ed25519
4. ssh -i ~/.ssh/box-a.ed25519 you@192.168.0.xxx

1) generate an Ed25519 key and give it a name to help remember its purpose, add a comment
2) transfer the public key to the destination box A
3) load the private key into the agent
4) use the private key (in the agent) to connect

Then if you are able to connect using the key, you can turn off the password authentication on the SSH server in its sshd_config:
Code:
PasswordAuthentication no

Quote:
Code:
ssh -i ~/.ssh/box-a.ed25519 you@xxx.yyy.zzz.aaa
|
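Added example, not part of the thread: a shell check for the two sshd_config settings recommended in the replies above (PermitRootLogin and PasswordAuthentication), reading the file the way sshd does, where commented-out lines set nothing and the first uncommented occurrence of a keyword wins. The function names and the sample file are constructed for illustration; Include files and Match blocks are not evaluated.

```shell
#!/bin/sh
# Added example. sshd uses the FIRST uncommented occurrence of a keyword;
# '#' lines in the stock file only document defaults and set nothing.

# effective_value FILE KEYWORD: print the global value, or "unset" if the
# keyword never appears uncommented before the first Match block.
effective_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want); found = 0 }
        /^[ \t]*(#|$)/ { next }              # comments and blank lines
        {
            key = tolower($1)                # keywords are case-insensitive
            if (key == "match") exit         # conditional section: stop
            if (key == want) {
                $1 = ""; sub(/^[ \t]+/, "")
                print; found = 1; exit
            }
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# audit_sshd FILE: check the two settings recommended in the thread.
# "unset" fails on purpose: the built-in default then applies, so set it.
audit_sshd() {
    rc=0
    root=$(effective_value "$1" PermitRootLogin)
    pass=$(effective_value "$1" PasswordAuthentication)
    case "$root" in
        no|without-password|prohibit-password) echo "ok   PermitRootLogin $root" ;;
        *) echo "FAIL PermitRootLogin $root"; rc=1 ;;
    esac
    case "$pass" in
        no) echo "ok   PasswordAuthentication no" ;;
        *)  echo "FAIL PasswordAuthentication $pass"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample: mostly commented out, like the file described above.
write_sample() {
    printf '%s\n' '#Port 22' '#PermitRootLogin yes' \
        '#PasswordAuthentication yes' 'UsePAM yes' \
        'permitrootlogin without-password' 'PermitRootLogin yes' \
        'Match User backup' '    PasswordAuthentication no' > "$1"
}

tmp=$(mktemp) && write_sample "$tmp"
audit_sshd "$tmp" || echo "sshd_config needs attention"
rm -f "$tmp"
```

On a live system, running sshd -T as root prints the effective configuration as the daemon itself computes it, including built-in defaults.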