Slackware This Forum is for the discussion of Slackware Linux.
07-18-2006, 06:54 PM
|
#1
|
Member
Registered: Mar 2005
Location: Washington DC area
Posts: 214
Rep:
|
How do I configure guarddog so I can use SSH remotely and ping my box?
Hey everyone
Here is the deal. I am currently running Slack 10.2 with Guarddog as my firewall. I have SSH set up on my system. I want to be able to connect via SSH remotely to my computer. When I tried to ping my home computer remotely, the ping request timed out on me! Also, I was not able to SSH from remote to my Linux box. I suspect this is an issue with the firewall configuration. How do I go about configuring guarddog so that I can ping my Linux box AND SSH to it from a remote location?
|
|
|
07-19-2006, 04:42 AM
|
#2
|
Senior Member
Registered: Oct 2004
Location: Luxemburg
Distribution: Slackware, OS X
Posts: 1,507
Rep:
|
How is your home PC connected to the internet? Is there a router which has a built-in firewall?
|
|
|
07-19-2006, 05:19 AM
|
#3
|
Member
Registered: Mar 2005
Location: Washington DC area
Posts: 214
Original Poster
Rep:
|
Well, my computer is connected to the internet via DSL. My desktop runs a cat5 cable to the router/modem that my ISP provided me with. I do not know if the actual router/modem has a built-in firewall. I did port-forward port 22 and configure it for SSH in my router using the router configuration page. SSH works when I disable guarddog. But when guarddog is re-enabled, no computer is able to ping or SSH into my computer.
Last edited by asilentmurmur; 07-19-2006 at 05:20 AM.
|
|
|
07-19-2006, 08:14 AM
|
#4
|
Member
Registered: Dec 2005
Distribution: Slackware 13.1
Posts: 82
Rep:
|
I can't help you with guarddog, but I want to recommend that if your router supports it, forward a different port for ssh. What I mean is, make it so when you remotely ssh in, you are aiming at a port other than 22, such as 422, or 8022, or any non-standard ssh port. Have the router then forward that traffic to port 22 on your computer. I say this because there are a lot of script kiddies out there with brute force password guessers, you will see all their attempts in /var/log/messages.
Also, since you are using a software firewall along with your hardware firewall (router) I assume you are the paranoid type (a good thing) so you will want to edit /etc/ssh/sshd_config and add something like this:
Code:
AllowGroups users
AllowUsers <your username>
# extend the two deny lists with any other system accounts
DenyGroups root bin daemon apache
DenyUsers root bin daemon apache
These two precautions should make it harder for someone to randomly find your computer (with nmap looking for port 22 open on a set of IP addresses) and if they do guess your "secret" port for ssh they won't be able to try to login as root with a password guesser.
I hope I helped a bit, though I know nothing about guarddog.
|
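An added example, not part of the original post and not OpenSSH code: a small Python model of how sshd combines the four directives from the post above, checked in the order DenyUsers, AllowUsers, DenyGroups, AllowGroups. The user and group names are hypothetical, and only plain names with `*` and `?` wildcards are modelled (no USER@HOST or negated patterns).

```python
import re

def _match(name, patterns):
    """True if name matches any pattern; only '*' and '?' wildcards are modelled."""
    for pat in patterns:
        rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pat)
        if re.fullmatch(rx, name):
            return True
    return False

def parse_access(config_text):
    """Collect the four access directives from sshd_config text (comments are skipped)."""
    rules = {"denyusers": [], "allowusers": [], "denygroups": [], "allowgroups": []}
    for line in config_text.splitlines():
        words = line.split()
        if words and words[0].lower() in rules:  # keywords are case-insensitive
            rules[words[0].lower()].extend(words[1:])
    return rules

def login_permitted(user, groups, rules):
    """Apply the checks in sshd's order: DenyUsers, AllowUsers, DenyGroups, AllowGroups."""
    if _match(user, rules["denyusers"]):
        return False, "DenyUsers"
    if rules["allowusers"] and not _match(user, rules["allowusers"]):
        return False, "not in AllowUsers"
    if any(_match(g, rules["denygroups"]) for g in groups):
        return False, "DenyGroups"
    if rules["allowgroups"] and not any(_match(g, rules["allowgroups"]) for g in groups):
        return False, "not in AllowGroups"
    return True, "permitted"

# Constructed sample: the post's directives with a hypothetical user "alice".
SAMPLE = """AllowGroups users
AllowUsers alice
DenyGroups root bin daemon apache
DenyUsers root bin daemon apache"""

# Constructed accounts (name -> groups); all names are hypothetical.
ACCOUNTS = {"alice": ["users", "wheel"], "root": ["root"], "bob": ["users"]}

def evaluate(config_text=SAMPLE, accounts=ACCOUNTS):
    """Return {user: (allowed, reason)} for every account."""
    rules = parse_access(config_text)
    return {u: login_permitted(u, g, rules) for u, g in accounts.items()}

if __name__ == "__main__":
    for user, (ok, reason) in evaluate().items():
        print(f"{user:6} {'ALLOW' if ok else 'DENY'} ({reason})")
```

Once AllowUsers is set, any account not listed there (root included) is refused even without the Deny lines, and a listed account that belongs to none of the AllowGroups groups is refused as well, so check your own group membership before restarting sshd on a remote box.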
|
|
07-19-2006, 10:58 AM
|
#5
|
Senior Member
Registered: Oct 2004
Location: Luxemburg
Distribution: Slackware, OS X
Posts: 1,507
Rep:
|
For Guarddog, it works as follows:
- go to the "Protocol" tab
- in "Defined Network Zones" choose "Local"
- in the "Zone Properties" Part expand "Interactive Session"
- check the checkbox that is at the intersection of line "SSH - Remote Login Protocol" and column "Internet" (the checkmark must correspond to the one that is shown next to the label "protocol is permitted")
- finally, Apply these rules
What you did this way is that you said that the Local zone (i.e. your machine) serves SSH to clients in zone Internet.
|
|
|
08-03-2006, 12:57 AM
|
#6
|
Member
Registered: Mar 2005
Location: Washington DC area
Posts: 214
Original Poster
Rep:
|
Quote:
Originally Posted by stitchman
I can't help you with guarddog, but I want to recommend that if your router supports it, forward a different port for ssh. What I mean is, make it so when you remotely ssh in, you are aiming at a port other than 22, such as 422, or 8022, or any non-standard ssh port. Have the router then forward that traffic to port 22 on your computer. I say this because there are a lot of script kiddies out there with brute force password guessers, you will see all their attempts in /var/log/messages.
Also, since you are using a software firewall along with your hardware firewall (router) I assume you are the paranoid type (a good thing) so you will want to edit /etc/ssh/sshd_config and add something like this:
Code:
AllowGroups users
AllowUsers <your username>
# extend the two deny lists with any other system accounts
DenyGroups root bin daemon apache
DenyUsers root bin daemon apache
These two precautions should make it harder for someone to randomly find your computer (with nmap looking for port 22 open on a set of IP addresses) and if they do guess your "secret" port for ssh they won't be able to try to login as root with a password guesser.
I hope I helped a bit, though I know nothing about guarddog.
|
You said:
Quote:
I can't help you with guarddog, but I want to recommend that if your router supports it, forward a different port for ssh. What I mean is, make it so when you remotely ssh in, you are aiming at a port other than 22, such as 422, or 8022, or any non-standard ssh port. Have the router then forward that traffic to port 22 on your computer. I say this because there are a lot of script kiddies out there with brute force password guessers, you will see all their attempts in /var/log/messages.
|
How do I do that? My router has the standard SSH port forwarded for SSH, and when I connect with an SSH client to this computer, I am using the standard port. I tried connecting with another port but it was to no avail. Could you explain to me step by step what I should do there? I am pretty much a n00b at life lol
|
|
|