Linux Remote Networking over the Internet (part 3) - page 2
Guarding the GatesYou can log in to any account via SSH as long as you have the login name and password. So you might have a login that looks like this, where the system you're logging into is at remote.net:
$ ssh -p 2022 firstname.lastname@example.orgYou have to name the non-standard port, username, and fully-qualified domain name of the machine you're logging into. Having name services set up on your LAN and your external IP address makes this much easier than using IP addresses.
Using Certificates Instead of PasswordsPlease review Part 2. This is a great way to control remote access for multiple users. You never have to give away system passwords, brute-force attacks are completely ineffective because password logins are disabled, and if you give each user a unique key then revoking access is as simple as removing the corresponding private key. This works the same way over the Internet as on the LAN, except you're using Internet addresses or domain names.
Getting Through Your FirewallThis depends on your firewall. If you're using something with graphical administration, then look for port forwarding and forward SSH traffic to the appropriate internal hosts. This is a tricky business, so be careful what you expose to the outside world. In our next installment we'll learn how to write iptables rules to control SSH access, and some fun SSH tunneling tricks for creating a quick VPN, and shortcuts for long login commands.
Sponsored by BlackBerry
BlackBerry® Enterprise Server Express enables businesses of any size to quickly and easily get started with the BlackBerry solution. It provides advanced BlackBerry smartphone features with no additional software or user license fees, and works with any Internet-enabled BlackBerry data plan or a BlackBerry enterprise data plan. Download now!