November 23, 2014
 
 
RSSRSS feed

Graphical Remote Control Desktops for Linux - page 4

Controlling Windows Computers From Linux

  • October 30, 2008
  • By A. Lizard
/etc/hosts
There is probably an error in your hosts file.

The typical /etc/hosts in Debian-based distributions places host and alias entries in the wrong order. Replace the 127.0.0.1 loopback address localhost and machine entry names with something in this format:

127.0.0.1 localhost localhost.localdomain computername

and add this entry (substitute whatever IP address your router actually uses on the network.)

192.168.1.1 router

Don't change anything else. While the router entry probably isn't really necessary, if you have to use nmap to troubleshoot the network, it will save you trouble if nmap will provide you with information about what it thinks your router is doing.

A good command for nmap ssh troubleshooting:

$ nmap -p 54321 --open -sV 192.168.1.1/24

change the numeric IP to match your LAN router if need be and 54321=whatever port you actually set ssh to.

If you don't have nmap installed, install it:# aptitude install nmap

The DynDNS -- Open Port Tool will help you check your ports from the public Internet.

/etc/hosts.allow

These should be the only user entries in the file.

ALL: LOCAL @192.0.0.1/24
ALL: sshd


If your LAN runs a different IP range, use that in place of the numeric IP in the LOCAL entry.

/etc/hosts.deny
Remember that any unsuccessful SSH connection attempt will result in the entry for the computer you are trying to legitimately connect from added to the ";forbidden hosts" list which is what hosts.deny is, which will have frustrating results. I recommend renaming the file to /etc/hosts.deny-temp and recreating the file afterwards. (see below) If you find localhost or 127.0.0.1 or anything else you know to be a legitimate connection in this file, delete the entries. If you find any entries for off-system connections you didn't put there, that's what the file is for, leave them in.

Once you've finished, restart networking by:

# /etc/init.d/networking restart

That's all for today-- come back next Monday to learn how to set up secure Internet access even with dynamic IP addresses, and how to set up NX Server.

This security bulletin should be of interest to admins using rdesktop and other applications that use the rdp protocol:Microsoft Windows Server Service RPC Vulnerability

Sitemap | Contact Us