Distribution: Ubuntu 7.10, OpenSUSE 10.3, Linux Mint, Arch
Posts: 92
Rep:
Will I have any problems with ssh in this setup?
I have a simple question, I'm gonna buy a new laptop tomorrow that I'm mostly gonna use in my school, I was wondering if I will have any problems with this ssh setup?
Are there any potential problems I may run into, like router configuration? Is it possible to, e.g., run ssh through port 80, if the standard ssh port is blocked by the school's server?
Before attempting this, please make sure that you aren't violating some school policy by opening an SSH connection to your house. I know for a fact my school doesn't care about this kind of stuff, but some schools do. So make sure, and don't do it if it is not allowed.
That said, yes, you can make your SSH daemon at home listen on any port you want. You would almost certainly be able to SSH at least to port 80 or 443 without any problems (unless your home ISP is blocking those ports - some home ISPs do this to prevent people from having web servers), if all the school had was a typical consumer-grade router.
First, check if you can SSH to port 443. Even when implementing transparent/intercepting proxies, it is not unusual for network admins to SNAT port 443. If it doesn't work, it would indicate the port isn't being SNATed, and instead HTTPS requests are going through the proxy, using the CONNECT method. Hence, you'd need to use a tool such as corkscrew, which would let you tunnel through the proxy.
If your school has implemented a whitelist on the proxy, then you are out of luck regarding the help you could get here. This is because bypassing a whitelist would be considered cracking, and helping you with that would violate the LQ Rules. I'm allowing this thread because, technically speaking, you aren't cracking anything by simply opening an SSH connection to home.
Distribution: Ubuntu 7.10, OpenSUSE 10.3, Linux Mint, Arch
Posts: 92
Original Poster
Rep:
Yes, Home PC is the server, and laptop is the client.
I was kinda worried about the proxy server... Hope it works. Home router shouldn't be a problem, but I don't know about the ISP, though...
I doubt my school has any sort of policy, it's a small school, 9 or 10 classes in total.
All the IT work is being outsourced to a local IT firm. I'm not sure about a whitelist, not quite sure what a whitelist would list, but I definitely don't want to do any cracking, I just want to be able to get to my homework if I left it at home...
Speaking of which, if I left my laptop at home, could I also configure it as a server too and use a win32 ssh app on maybe a usb-stick, and use a classmates computer to connect to the laptop? Is that at all possible?
Quote:
I'm not sure about a whitelist, not quite sure what a whitelist would list, but I definitely don't want to do any cracking, I just want to be able to get to my homework if I left it at home...
When schools implement a whitelist, it is usually to restrict access only to educational-type websites. From what I've seen in the schools I've been in, blacklists are more popular (sometimes combined with a porn filter), because they just wanna ban stuff like YouTube, etc.
Quote:
Speaking of which, if I left my laptop at home, could I also configure it as a server too and use a win32 ssh app on maybe a usb-stick, and use a classmates computer to connect to the laptop? Is that at all possible?
Sure, no problem. Make sure it's a friend you trust, though. Don't let yourself be a keylogger victim. Maybe carry a Live CD or Live USB distro so you could boot that instead. Just a thought.
Distribution: Ubuntu 7.10, OpenSUSE 10.3, Linux Mint, Arch
Posts: 92
Original Poster
Rep:
Resurrected!
It took more time than expected to get that laptop, and even longer to get it working properly.
The setup is something like this:
Server: Ubuntu 7.10 -> router -> Internet
Client: OpenSUSE 10.3 -> Proxy(win) -> router -> Internet
I have installed the openssh server on ubuntu, and openSUSE has ssh installed by default, I have generated a key pair in both cases, but I now have no idea what to do next.
Quote:
I have installed the openssh server on ubuntu, and openSUSE has ssh installed by default, I have generated a key pair in both cases, but I now have no idea what to do next.
Forward port 443 to your SSH daemon. Try to SSH to port 443.
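Added example, not part of any post in this thread: one way to lay out the two OpenSSH configuration files for the setup discussed above, with the router forwarding external port 443 to the daemon on the home server and the daemon accepting key logins only, since it becomes reachable from the Internet. The user name `student`, the LAN address `192.168.1.10`, the key file name and the proxy host `proxy.school.example:8080` are assumptions; `example.example.net` is the dynamic DNS placeholder used in the thread.

```sshconfig
# ---- /etc/ssh/sshd_config on the home server (Ubuntu) ----
# The router forwards WAN port 443 to this machine's port 22, so the
# daemon itself can stay on its default port.
Port 22

# Copy the laptop's PUBLIC key into ~/.ssh/authorized_keys on the server
# (for example with ssh-copy-id while both machines are on the LAN) and
# confirm a key login works BEFORE turning password logins off.
PubkeyAuthentication yes
PasswordAuthentication no

# An Internet-facing daemon is probed constantly: no direct root login,
# and only the one account that needs remote access (assumed name).
PermitRootLogin no
AllowUsers student

# ---- ~/.ssh/config on the laptop (openSUSE) ----
# LAN test first, as suggested in the thread: private IP, default port.
Host home-lan
    HostName 192.168.1.10
    Port 22
    User student
    IdentityFile ~/.ssh/id_rsa
    IdentitiesOnly yes

# From outside: dynamic DNS name, port 443 as forwarded by the router.
Host home
    HostName example.example.net
    Port 443
    User student
    IdentityFile ~/.ssh/id_rsa
    IdentitiesOnly yes
    # Only if the network sends HTTPS through a proxy with CONNECT, as
    # described earlier in the thread (proxy host and port are assumed):
    # ProxyCommand corkscrew proxy.school.example 8080 %h %p

# While still on the LAN, note the server's host key fingerprint
# (ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub on the server) so that
# a "host key changed" warning seen later from another network is
# recognised as a real problem and not accepted blindly.
```

Restart the SSH daemon after editing `sshd_config`, and keep an existing session open until a fresh key login has succeeded.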
Distribution: Ubuntu 7.10, OpenSUSE 10.3, Linux Mint, Arch
Posts: 92
Original Poster
Rep:
heh, ehm, how do I do that exactly...
configure the router to forward connections from 443 to the ssh daemon? do I need a static ip for that?
I'd like to first get it working, and testing it locally, both client and server behind the same router.
Quote:
configure the router to forward connections from 443 to the ssh daemon?
Yes.
Quote:
do I need a static ip for that?
No. Lots of routers offer dynamic DNS functionality. For example, I have my Linksys WRT54G working with DynDNS.com (or is it No-IP.com?). This way you don't need to remember the IP - you SSH to example.example.net instead.
Quote:
I'd like to first get it working, and testing it locally, both client and server behind the same router.
Just SSH to the server's private IP on the LAN and see if it works. BTW, what brand/model router do you have?
Distribution: Ubuntu 7.10, OpenSUSE 10.3, Linux Mint, Arch
Posts: 92
Original Poster
Rep:
The router is a Billion-something, it's mounted stuck on the wall, so I can't really see what it says, on the top, though, it says Billion Wireless-G ADSL router. It's probably 5200G, as that's what they advertised on the ISP's site, which is where it was bought.