how do I configure an office lan to allow connections over the internet
Hi all,
Can someone give me some pointers or clues how I can set up a connection to my office at home to allow secure remote access over the internet? I am running Red Hat 4 enterprise server. I am fairly new to Linux but an experienced Unix admin on other flavours ... I am looking to set up a Linux firewall as an access point and will log in to the Linux box and then ssh to my Unix servers running AIX and Linux. I have no problem setting up the SSH connectivity between the hop-on server and my other servers. Any tips guys? Many thanks, Chris L.
Well, if you can accept local SSH traffic (aka port 22 by default) as you say, then all you would likely have to complete is simple port forwarding on your router.
Edit: There are some good security options in sshd's config file. I have yet to find a distro whose path to this file is different. It always seems to be: /etc/ssh/sshd_config
Some of the best options are the "PermitRootLogin" and "AllowUsers" directives within the sshd configuration file. They can offer a lot of added security very fast.
You say you want a secure connection.
My suggestions: Set up sshd for key-based authentication / login only. Set up your public and private ssh keys. Configure sshd so it will not allow anything except key-based authentication (so "password" logins are denied). Configure sshd so it will not allow logins by the root user. (See r0x0rj00b0x0r's post.) Test it all out. Then, and only then, set up a vnc server to run on your home office server at boot. I am happily using the following packages: vnc4-common vnc4server xvnc4viewer

I start a vncserver with this command in /etc/rc.local
Code:
su - tred -c " cd /home/tred && vncserver :2 -geometry 1024x768 -depth 24"

Then connect to the vnc server over an ssh tunnel, so all the traffic between the distant vnc-viewer and your home vnc-server is encrypted. I connect like this:
Code:
vncviewer -PreferredEncoding hextile -via MY.WANIP.ADD.RESS localhost:2

All this is easier to do if you already have 2 PCs at home - your server and another. You can play with encryption and ssh options on your (hopefully firewalled) LAN until you know what you are doing. Then open port 22 (ssh) (or another, it doesn't matter, if you have configured ssh to work over another port number) on your firewall and forward traffic to/from that port to your server so you can test it out remotely over the big bad interweb. I should say that it took me a few days (but I was in no rush, and have a real life) to learn about all this and set it up, but it was fun, educational (I learnt a lot about Linux and networking) and now it all works most elegantly :) What you want is possible. Enjoy!
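The sshd hardening both replies describe (PermitRootLogin, AllowUsers, key-only login) as an added audit script that is not from the thread: it checks which value sshd would actually use for each directive, honouring sshd's first-occurrence-wins rule. It assumes a POSIX sh with awk and mktemp; the two sample sshd_config files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: audit an sshd_config for the directives
# r0x0rj00b0x0r and tredegar recommend. sshd uses the FIRST occurrence of a
# directive (later duplicates are ignored) and keywords are case-insensitive;
# an unset directive falls back to the built-in default, which for
# PermitRootLogin and PasswordAuthentication is "yes".

# effective_value FILE DIRECTIVE -> prints the value sshd would use ("" if unset)
effective_value() {
    awk -v d="$2" '
        { sub(/#.*/, "") }                 # drop comments, re-split fields
        NF && tolower($1) == tolower(d) {  # first active occurrence wins
            $1 = ""; sub(/^[ \t]+/, ""); print; exit }' "$1"
}

# check_one FILE DIRECTIVE WANTED -> 0 if the effective value is WANTED, else 1
check_one() {
    v=$(effective_value "$1" "$2")
    [ -n "$v" ] || { echo "WEAK: $2 unset (built-in default applies)"; return 1; }
    lv=$(printf '%s' "$v" | tr 'A-Z' 'a-z')
    [ "$lv" = "$3" ] || { echo "WEAK: $2 $v (want $3)"; return 1; }
    echo "OK:   $2 $v"
}

# audit_sshd_config FILE -> 0 when every check passes, 1 otherwise
audit_sshd_config() {
    rc=0
    check_one "$1" PermitRootLogin no || rc=1
    check_one "$1" PasswordAuthentication no || rc=1
    # with UsePAM, keyboard-interactive can still prompt for a password
    check_one "$1" ChallengeResponseAuthentication no || rc=1
    check_one "$1" PubkeyAuthentication yes || rc=1
    u=$(effective_value "$1" AllowUsers)
    if [ -z "$u" ]; then echo "WEAK: AllowUsers unset (any account may log in)"; rc=1
    else echo "OK:   AllowUsers $u"; fi
    return $rc
}

# Constructed sample configs (not real files from the thread)
TMPD=$(mktemp -d)
WEAK_CFG="$TMPD/sshd_config.weak"; HARD_CFG="$TMPD/sshd_config.hard"
printf '%s\n' '#PermitRootLogin no' 'permitrootlogin yes' 'PermitRootLogin no' \
    'Port 22' 'Protocol 2' > "$WEAK_CFG"   # comment + later duplicate: root login stays ON
printf '%s\n' 'Protocol 2' 'PermitRootLogin no' 'PasswordAuthentication no' \
    'ChallengeResponseAuthentication no' 'PubkeyAuthentication yes' \
    'AllowUsers tred' > "$HARD_CFG"

echo "== weak =="; audit_sshd_config "$WEAK_CFG" || echo "weak config FAILS the audit"
echo "== hardened =="; audit_sshd_config "$HARD_CFG"
```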
ok great stuff,
Thanks for expanding your experience tredegar and the advice. Also thanks to both :-)