Linux Remote Networking over the Internet (part 3) - page 2
Guarding the Gates
You can log in to any account via SSH as long as you have the login name and password. So you might have a login that looks like this, where the system you're logging into is at remote.net:
$ ssh -p 2022 firstname.lastname@example.org
You have to name the non-standard port, username, and fully-qualified domain name of the machine you're logging into. Having name services set up on your LAN and your external IP address makes this much easier than using IP addresses.
Using Certificates Instead of Passwords
Please review Part 2. This is a great way to control remote access for multiple users. You never have to give away system passwords, brute-force attacks are completely ineffective because password logins are disabled, and if you give each user a unique key then revoking access is as simple as removing the corresponding private key. This works the same way over the Internet as on the LAN, except you're using Internet addresses or domain names.
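On the server, what grants a key access is its public-key line in the account's authorized_keys file, so per-user revocation there means deleting that line. The script below is an added example, not code from the original article; the function names, file names and key blobs are constructed for illustration.

```shell
#!/bin/sh
# Added example: revoke one user's SSH key on the server by its key material.

# revoke_pubkey AUTH_FILE PUB_FILE
# Deletes every entry in AUTH_FILE that carries the key stored in PUB_FILE
# and prints the number of entries removed.
revoke_pubkey() {
    auth=$1
    pub=$2
    # A .pub file reads "keytype base64-blob [comment]"; the blob is the key.
    blob=$(awk '$1 !~ /^#/ && NF >= 2 { print $2; exit }' "$pub")
    [ -n "$blob" ] || { echo "no key found in $pub" >&2; return 2; }

    tmp=$(mktemp) || return 2
    before=$(awk 'END { print NR }' "$auth")
    # Compare whole fields so entries with leading options (from="...",no-pty)
    # still match; comment lines and blank lines are kept as they are.
    awk -v blob="$blob" '
        /^[ \t]*#/ { print; next }
        { hit = 0; for (i = 1; i <= NF; i++) if ($i == blob) hit = 1 }
        !hit { print }
    ' "$auth" > "$tmp" || { rm -f "$tmp"; return 2; }
    after=$(awk 'END { print NR }' "$tmp")

    # Overwrite in place so the file keeps its owner and permissions.
    cat "$tmp" > "$auth" && rm -f "$tmp"
    echo $((before - after))
}

# Constructed sample data: placeholder blobs, not real keys.
make_sample() {
    printf '%s\n' \
        '# keys allowed to log in as this account' \
        'ssh-ed25519 AAAA_CONSTRUCTED_ALICE alice@laptop' \
        'from="203.0.113.7",no-pty ssh-ed25519 AAAA_CONSTRUCTED_BOB bob@home' \
        'ssh-rsa AAAA_CONSTRUCTED_CAROL carol@work' > "$1/authorized_keys"
    printf '%s\n' 'ssh-ed25519 AAAA_CONSTRUCTED_BOB bob@home' > "$1/bob.pub"
}

dir=$(mktemp -d)
make_sample "$dir"
echo "entries removed: $(revoke_pubkey "$dir/authorized_keys" "$dir/bob.pub")"
cat "$dir/authorized_keys"
rm -rf "$dir"
```

Removing the entry blocks new logins with that key; sessions that are already open stay up until they are closed.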
Getting Through Your Firewall
This depends on your firewall. If you're using something with graphical administration, then look for port forwarding and forward SSH traffic to the appropriate internal hosts. This is a tricky business, so be careful what you expose to the outside world. In our next installment we'll learn how to write iptables rules to control SSH access, and some fun SSH tunneling tricks for creating a quick VPN, and shortcuts for long login commands.