I have set up a Linux box far from a city, RH8. From the iptables point of view, I have opened up port 22 for ssh. Now I am living in another city, and would like to ssh to this Linux box from the internet.
How am I going to do that? I've tried to ssh to the ADSL IP which is dedicated to the Linux box, but failed. From outside, I've tried to nmap the open port, but that also failed.
Now, I want to do remote control from here. How?
Please help... this is urgent! Thanks for any help and concern.
1. Did you start up the ssh client or the ssh server (sshd) on the linux box? You'll need to have the daemon started if you want to ssh in.
2. Make sure the daemon is really on:
chkconfig --list | grep sshd
It should say "on" for run levels 3 and 5
Then do:
service sshd restart
3. Make sure it's listening properly:
netstat -lan
You should see something actively listening on port 22
4. Make sure your firewall isn't blocking port 22:
more /etc/sysconfig/iptables
Depending on how your firewall is configured, you may or may not see a specific rule allowing incoming packets on port 22. You can add a rule to allow ssh using the iptables command, or if you're uncomfortable with the command line you can use the firewall GUI in Red Hat. On 8.0 there is actually a little checkbox you can click to allow ssh.
HTH
So, is it secure if I ssh to my Linux box? Will there be any eavesdropping in this case? Do I need to follow some sort of security procedure to prevent that from happening?
Thanks
SSH is a pretty secure protocol. Anyone sniffing packets would just see unreadable encrypted characters. If you want to know more about the SSH crypto usage, just look at the ssh man page.
One thing I would recommend would be to edit the /etc/ssh/sshd_config file and disable root logins (change "PermitRootLogin yes" to "no"). That makes it a bit harder to crack the root password. Then log in as a normal user and use su - to become root.
Just a question for you, were you able to login by SSH before?
Last edited by Capt_Caveman; 06-27-2003 at 10:35 PM.
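A static check of the two files named in the replies above (/etc/sysconfig/iptables and /etc/ssh/sshd_config), as an added example that is not part of the original posts. The function names, the SAMPLE-INPUT chain and all file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example; the file contents below are constructed samples.

# Print the PermitRootLogin value sshd would use: keywords are
# case-insensitive and the first value obtained wins. Assumes the usual
# whitespace-separated "Keyword value" form.
permit_root_login() {
    awk 'tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# Succeed if an iptables-save style file (such as /etc/sysconfig/iptables)
# has an appended rule that ACCEPTs TCP destination port 22. This is a text
# match only: it does not evaluate rule order or chain jumps, so an earlier
# DROP/REJECT rule can still block the connection.
allows_ssh() {
    grep -E '^-A .*-p tcp .*--dport (22|ssh) .*-j ACCEPT' "$1" >/dev/null
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

cat > "$tmp/sshd_config" <<'EOF'
#PermitRootLogin yes
Port 22
PermitRootLogin no
permitrootlogin yes
EOF

cat > "$tmp/iptables" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:SAMPLE-INPUT - [0:0]
-A INPUT -j SAMPLE-INPUT
-A SAMPLE-INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT
-A SAMPLE-INPUT -p tcp -m tcp --dport 0:1023 --syn -j REJECT
COMMIT
EOF

cat > "$tmp/iptables.closed" <<'EOF'
*filter
-A INPUT -p tcp -m tcp --dport 2222 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j DROP
COMMIT
EOF

echo "PermitRootLogin: $(permit_root_login "$tmp/sshd_config")"
if allows_ssh "$tmp/iptables"; then echo "ssh rule: present"; else echo "ssh rule: missing"; fi
```

On a real host, point the two functions at /etc/ssh/sshd_config and /etc/sysconfig/iptables; a passing check only shows the rule text exists, so netstat and an outside connection test are still needed.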
Thanks for the guidance, Capt_Caveman. Nope... I am still NOT able to log in. Last time, when I was on the same LAN, I was able to log in.
Hmm... how should I log in then? Now I want to log in from the internet. For your information, my Linux box is my main gateway; there are two NICs, one for the private (local) network and one for the public (internet) side. The Linux box is connected to an ADSL line, and that is online 24 hours... I never shut it down. So, I am sshing to the public NIC from the internet. Is that the correct step? I tried both sshd and netstat and they are OK...
This will perform a traceroute, except that it'll use TCP SYN packets with incremental TTL values (starting at 1). This will show you the path that your packets follow, and if your packets never reach the server, you will simply stop seeing anything at some point. (Unless you get connection refused, in which case you will see RST packets; if you reach the host and it accepts your connections, you will see SYN/ACK packets, "flags=SA".)
If this succeeds, you need to configure sshd to actually allow connections from anywhere (man sshd_config).