SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Never really had a need to set up remote ssh until I moved out of my parents house and in doing so, my rsnapshot server is no longer connected since it was set up to handle local machines on the network. I'd like to keep the rsnapshot server at my parents' house so that it would serve as a remote backup, however I see several issues with this all stemming from dynamic IP addresses on both sides. They don't change that frequently so I'm okay with changing hosts.allow, sshd.config, and rsnapshot.config manually, though if there was a way to automate this I'd like to hear.
Use a free DNS updating service and use DNS names. I use http://freedns.afraid.org/. Then set up key-based login and disable password based login in SSH. The second step is optional, but I guarantee you'll have a constant barrage of brute-force password guessing directed at port 22.
Location: Northeastern Michigan, where Carhartt is a Designer Label
Distribution: Slackware 32- & 64-bit Stable
Posts: 3,541
Rep:
I did pretty much the same thing as you're trying to do with DynDNShttp://www.dyndns.com and, to keep the kiddies and bad actors out of my pants, with DenyHostshttp://denyhosts.sourceforge.net/. I can highly recommend both.
DynDNS runs a a daemon and actively changes its address for you (you get to make up host names) when you, oh, turn of the modem or whatever that causes the ISP to give you a new address. It's a freebie.
DenyHosts also runs as a daemon and watches /var/log/syslog (or whatever you like) where remote connections are logged and automagically adds entries to /etc/hosts.deny (or IPTABLES or...) to refuse connections from folks that attempt to log in as root, wheel and other "privileged" user accounts (with failed passwords). It also shares with world-wide users' experiences (if you want) and downloads other DenyHosts users banned site addresses. This one I like -- it works, it's invisible to you and it puts a stop to a lot of nonsense from a whole lot of places.
You can, of course, remap the SSH address to an alternative port; this requires you to add that port number to the SSH connection (as in ssh snafu:12345).
It's pretty simple, your ISP changes your address, DynDNS uploads that to the DynDNS server and life is good.
I did pretty much the same thing as you're trying to do with DynDNShttp://www.dyndns.com and, to keep the kiddies and bad actors out of my pants, with DenyHostshttp://denyhosts.sourceforge.net/. I can highly recommend both.
DynDNS runs a a daemon and actively changes its address for you (you get to make up host names) when you, oh, turn of the modem or whatever that causes the ISP to give you a new address. It's a freebie.
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680
Rep:
I did use DynDNS and my router was supposed to update but it didn't check in often enough or something and my domain name expired. Now when I look on their site I don't see a free option.
I'd recommend changing the port for SSH. It may sound like security through obscurity but it makes it a darn sight easier to check your logs for intrusion attempts than if it's left on 22.
Location: Northeastern Michigan, where Carhartt is a Designer Label
Distribution: Slackware 32- & 64-bit Stable
Posts: 3,541
Rep:
Quote:
Originally Posted by 273
I did use DynDNS and my router was supposed to update but it didn't check in often enough or something and my domain name expired. Now when I look on their site I don't see a free option.
It works a lot better if you configure like this (routers don't do a good job of this):
Code:
## ddclient configuration file
daemon=600
# check every 600 seconds
syslog=yes
# log update msgs to syslog
mail-failure=Your_Real_E-Mail_Address@wherever.whatever # Mail failed updates to user
pid=/var/run/ddclient.pid
# record PID in file.
## Detect IP with our CheckIP server
use=web, web=checkip.dyndns.com/, web-skip='IP Address'
## DynDNS username and password here
login=Your_DynDNS_User_ID
password=Your_DynDNS_Password
## Default options
protocol=dyndns2
server=members.dyndns.org
## Dynamic DNS hosts
Mine's been running for years like this, zero problems.
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680
Rep:
Thanks tronayne, I have used something similar in the past and it worked fine. The problems I'd have now are that I don't currently have an always on machine and, as I mentioned, I don't see a free offering from DynDNS any more. I don't currently need it though, so I'll investigate further if/when I do.
That said, I agree if there's a free option still this would be a good idea to solve the dimm0k's question.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.