Being a thoroughbred newbie, I'm really happy that I finally got SSH up and running on my small home network! But I have a small question:
How can I log who logged in to my box at what time, how long (and maybe even what commands were executed)?
You can type in "last", which will show you who logged in when, for what duration. You can enable logging of those events to your syslog, too. If someone has a login shell, they will most probably be using bash, which will log to their home directory, to a .bash_history file.
What are the reboot lines? Ok ok, it's probably that I rebooted the system.
one line of "last" prints this:
Code:
wannes pts/2 192.168.2.12 Fri Nov 14 17:45 still logged in
So wannes, that'll be me. What's the pts/2? Some kind of p... terminal server or something?
And yet another question. I'd like to access my box from the internet wherever I am. So let's say my IP address on the internet is 80.168.5.6
The ideal for me would be that from any computer I type
ssh wannes@80.168.5.6
Am I right if I say that the only things that are separating me from doing that are to enable port forwarding on my router (port 22 I guess), installing ssh - or Windows-ported ssh software - on the client I want to use for accessing my home computer, and maybe getting an account at DYNDNS so that I don't have to check my ever-changing IP address?
Quote:
What are the reboot lines? Ok ok, it's probably that I rebooted the system.
Yes, that'd be it...
Quote:
one line of "last" prints this:
Code:
wannes pts/2 192.168.2.12 Fri Nov 14 17:45 still logged in
So wannes, that'll be me. What's the pts/2? Some kind of p... terminal server or something?
That's where you made the connection over the network. I'm sure someone probably knows what PTS stands for, but I don't. However, if you were to log in via a serial terminal, it'd be something like ttyS0, etc., or modem.
Quote:
And yet another question. I'd like to access my box from the internet wherever I am. So let's say my IP address on the internet is 80.168.5.6
The ideal for me would be that from any computer I type
ssh wannes@80.168.5.6
Am I right if I say that the only things that are separating me from doing that are to enable port forwarding on my router (port 22 I guess), installing ssh - or Windows-ported ssh software - on the client I want to use for accessing my home computer, and maybe getting an account at DYNDNS so that I don't have to check my ever-changing IP address?
Correct, but INCREDIBLY dangerous. While SSH is secured, it's a 'standard' port on port 22. The only thing keeping folks out is a user ID/password. Implement an IPSEC/VPN solution, if you need to get to things from the outside world.
Hmm, frightening I guess. It seems I got it up and running without the usual gnashing of teeth in about 2 1/2 weeks.
When I type ssh wannes@domain.dyndns.net it asks for a fingerprint and I get a password line. Just to be sure: if I do this, it's not accessing my Linux box from the home network, but it really goes over the router online and connects back to our router, which forwards 22 to my box and then gets the shell through SSH. So it's a whole other thing if I would type ssh wannes@192.168.0.2 (let's say that's my local IP address), which doesn't really need routing, right?
And just a fast introduction into IPSEC/VPN? I know that VPN is the acronym for virtual private networking, but that's about all I know. IPSEC is IP secure or something like that? What is it really and how do I implement it?
(By the way, I think I'm going to shut down my sshd service errrrr.... right NOW!!)
But just a footnote: really satisfying that I'm starting to get things done that I never could under windows
Instead of forwarding the standard ssh port 22, set the external port to something else and forward that to 22. To connect to my server from the web I use something on the lines of;
The SSH service actually has logs. Depending on the flavor of Linux that's being used, the logs should be in /var/log/auth.log (at least that's the case for my BSD box...I believe my Slackware boxes direct their SSH logs to the same file and directory, though).
I've also seen people use the 'last', 'lastlog', and/or 'lastlogin' commands. I find that the actual logs are better (and you can interactively monitor them with the 'tail' command).
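As an added example (not part of the original posts): a small Python parser for sshd lines in the auth log mentioned above. It reports who logged in, from where and for how long, and counts failed password attempts per source address. The sample lines are constructed, and the name `summarize`, the `year` parameter and the pairing of login and logout lines by sshd PID are assumptions of this example.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample lines in the traditional syslog format used for sshd messages.
SAMPLE = """\
Nov 14 17:45:02 box sshd[2211]: Accepted password for wannes from 192.168.2.12 port 51234 ssh2
Nov 14 17:45:02 box sshd[2211]: pam_unix(sshd:session): session opened for user wannes by (uid=0)
Nov 14 18:10:40 box sshd[2211]: pam_unix(sshd:session): session closed for user wannes
Nov 14 19:02:11 box sshd[2290]: Failed password for invalid user admin from 203.0.113.7 port 40022 ssh2
Nov 14 19:02:15 box sshd[2290]: Failed password for root from 203.0.113.7 port 40022 ssh2
Nov 14 19:30:00 box sshd[2301]: Accepted password for wannes from 192.168.2.12 port 51300 ssh2
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[(\d+)\]: (.*)$")
ACCEPT = re.compile(r"^Accepted (\S+) for (\S+) from (\S+) port \d+")
FAILED = re.compile(r"^Failed \S+ for (?:invalid user )?(\S+) from (\S+) port \d+")
CLOSED = re.compile(r"session closed for user (\S+)")

def summarize(text, year=2024):
    """Return (sessions, failures). Syslog omits the year, so one is assumed."""
    open_by_pid, sessions, failures = {}, [], Counter()
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not an sshd line
        stamp = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        pid, msg = m.group(2), m.group(3)
        if (a := ACCEPT.match(msg)):
            open_by_pid[pid] = {"user": a.group(2), "ip": a.group(3),
                                "method": a.group(1), "start": stamp, "seconds": None}
        elif (f := FAILED.match(msg)):
            failures[f.group(2)] += 1  # keyed by source address
        elif CLOSED.search(msg) and pid in open_by_pid:
            s = open_by_pid.pop(pid)
            s["seconds"] = int((stamp - s["start"]).total_seconds())
            sessions.append(s)
    # Logins with no matching close line are still open ("still logged in" in last).
    sessions.extend(open_by_pid.values())
    return sessions, failures

if __name__ == "__main__":
    sessions, failures = summarize(SAMPLE)
    for s in sessions:
        length = "still logged in" if s["seconds"] is None else f'{s["seconds"]}s'
        print(s["start"], s["user"], s["ip"], s["method"], length)
    for ip, n in failures.most_common():
        print(f"{n} failed attempts from {ip}")
```

To run it against a real log, pass the file's contents to `summarize` in place of `SAMPLE`; reading the auth log normally requires root or membership in the group that owns it.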
Quote:
Instead of forwarding the standard ssh port 22, set the external port to something else and forward that to 22. To connect to my server from the web I use something on the lines of;
I got it up and running with port 22 open on my router. After some good advice (pls scroll up) I was kindly advised to close that damn port, so I did. Today our IT guy at work showed me nmap. Because I wanted to test my connection easily, I installed the all-graphical zenmap. When I opened port 22, it was able to guess my router brand, wireless model nr, that I was running Debian-Ubuntu, even my kernel nr. I promise NEVER to open nr 22 again.
But the annoying thing is that ssh doesn't work on the other ports. If I try another port, let's say 25xx, and scan with zenmap, it doesn't say that the port is closed but something with vmodem. Also zenmap isn't able to guess what OS I'm running, nor my router's brand.
Just a thought... on your router you have set up connections from an external port 2788 to port 22 at the IP address of your ssh server on the LAN and you get the problem as above. I see you are using dyndns; could it be that your external IP had changed and the dynamic DNS had not updated?
Did you try it from inside the LAN? I ask as I have had problems when using an external address from behind the router, no idea why this should be the case.
If port forwarding has been set up correctly it should work, as the ssh server will still receive the requests on port 22.