Being a toroughbread newbie I'm really happy that I got SSH up and running on my small home network finally! But I have a small question:

How can I log who logged in to my box at what time, how long (and maybe even what commands were executed)?

You can type in "last", which will show you who logged in when, for what duration. You can enable logging of those events to your syslog, too. If someone has a login shell, they will most probably be using bash, which will log to their home directory, to a .bash_history file.

Thanks a lot, very nice command

What are the reboot lines? Ok ok, it's propably that I rebooted the system

one line of "last" prints this:
so wannes, that'll be me , what's the pts/2? some kind of p... terminal server or something?



and yet another question. I'd like to access my box from the internet wherever I am. so let's say my IP adress on the internet is 80.168.5.6

The ideal for me would be that from any computer I type

ssh wannes@80.168.5.6

Am I right if I say that the only things that are separating me from doing that is to enable port forwarding on my router (port 22 I guess), installing ssh - or windows-ported ssh software - on the client I want to use for accessing my home computer and maybe get some account at DYNDNS so that I don't have to check my ever changing IP-adress.

Yes, that'd be it...

That's where you made the connection over the network. I'm sure someone probably knows what PTS stands for, but I don't. However, if you were to log in via a serial terminal, it'd be something like ttyS0, etc., or modem

Correct, but INCREDIBLY dangerous. While SSH is secured, it's a 'standard' port on port 22. The only thing keeping folks out is a user ID/password. Implement a IPSEC/VPN solution, if you need to get to things from the outside world.

Hmm, frightning I guess, It seems I got it up and running without the usual nashing of teeth during about 2&1/2 week .

when I type ssh wannes@domain.dyndns.net it asks for a fingerprint and I get a password line. Just to be sure, If I do this, it's not accessing my linuxbox from the home network but it really goes over the router online and connects back to our router that forwards 22 to my box and the gets the shell through SSH. So a whole other thing if I would type ssh wannes@192.168.0.2 (let's say that's my local ip adress) wich doesn't really need routing right?

And just a fast introduction into IPSEC/VPN ? I know that VPN is the acronym for virtual private networking, but that's about all I know IPSEC is IP secure or something like that? What is it really and how do I implement it

(by the way I Think I'm going to shut down my sshd service errrrr.... right NOW!!

But just a footnote: really satisfying that I'm starting to get things done that I never could under windows

Hi

Instead of forwarding the standard ssh port 22, set the external port to something else and forward that to 22. To connect to my server from the web I use something on the lines of;

stefan@mydomainname.net:6660

should to keep some of the script kiddies off your back.

Regards

Stefan

The SSH service actually has logs. Depending on the flavor of Linux that's being used, the logs should be in /var/log/auth.log (at least that's the case for my BSD box...I believe my Slackware boxes direct their SSH logs to the same file and directory, though).

I've also seen people use the 'last', 'lastlog', and/or 'lastlogin' commands. I find that the actual logs are better (and you can interactively monitor them with the 'tail' command).

Ok, :6660 being the port to the big nasty internet?

port 22 is locked again, I get a "connection refused" when I don't specify a port

But now I can't login anymore hmmm. Let's say I changed my outside port on my router to 2788. Just to be sure, I restart my ssh deamon and type

ssh wannes@mydomain.dyndns.org:2788


and I get:

Well, I just bought a second hand O'reilly SSH book , When I've read that I should know what is the best security solution

Thanks for all the help!

Ok, an update:

I got it up and running with port 22 open on my router. After some good advices (pls scroll-up) I was kindly advised to close that damn port, so I did . Today our IT guy at work showed my nmap. Because I wanted to test my connection easily, I installed the all graphical zenmap. When I opened port 22, it was able to guess my router brand, wireless model nr, that I was running Debian-Ubuntu, even my kernel nr . I promise NEVER to open nr 22 again.

But the annoying thing is that ssh doesn't work on the other ports. If I try another port, let's say 25xx and scan with zenmap, it doesn't say that the port is closed but something with vmodem. Also zenmap isn't able to gues what OS I'm running, nor my routers brand.

That's good, but I need ssh too

Anyone some advice?

Hi Wanne

<<port 22 is locked again, I get a "connection refused" when I don't specify a port

But now I can't login anymore hmmm. Let's say I changed my outside port on my router to 2788. Just to be sure, I restart my ssh deamon and type

ssh wannes@mydomain.dyndns.org:2788 >>

Just a thought...on your router you have set up connections from an external port 2788 to port 22 at the ip address of your ssh server on the LAN and your get the problem as above. I see your are using dyndns, could it be that your external ip had changed and the dynamic dns had not updated.

Did you try it from inside the LAN ? as I have had problems when using an external address from behind the router, no idea why this should be the case.

If port forwarding has been setup correctly it should work, as the ssh server will still receive the requests on port 22.

Hope you manage to sort it out.

Best Regards

Stefan

pts = pseudo terminal service, basically any non-local (non-console) cxn.