March 21, 2019

Linux Remote Networking over the Internet (part 3) - page 2

Guarding the Gates

  • November 10, 2009
  • By Carla Schroder
You can log in to any account via SSH as long as you have the login name and password. So you might have a login that looks like this, where the system you're logging into is at remote.net:
$ ssh -p 2022 web-admin@webserver.remote.net 
You have to name the non-standard port, the username, and the fully-qualified domain name of the machine you're logging into. Having name services set up for your LAN and your external IP address makes this much easier than using IP addresses.

Using Certificates Instead of Passwords

Please review Part 2. This is a great way to control remote access for multiple users. You never have to give away system passwords, brute-force attacks are completely ineffective because password logins are disabled, and if you give each user a unique key then revoking access is as simple as removing the corresponding private key. This works the same way over the Internet as on the LAN, except you're using Internet addresses or domain names.
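
An added example, not from the original article: on the server, each user's public key is one line in the account's authorized_keys file, and removing that line ends that user's access. The Python below lists the entries by SHA256 fingerprint (the form ssh-keygen -l prints) and drops one user's entry; the key blobs, user names and comments are constructed placeholders.

```python
import base64
import hashlib

KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")

def _sample_line(user, options=""):
    # Constructed placeholder blob, not a real public key.
    blob = base64.b64encode(b"constructed-key-for-" + user.encode()).decode()
    return f"{options}ssh-ed25519 {blob} {user}@laptop"

SAMPLE_AUTHORIZED_KEYS = "\n".join([
    "# web-admin account: one key per person (constructed sample)",
    _sample_line("alice"),
    _sample_line("bob", 'from="203.0.113.0/24",no-agent-forwarding '),
    _sample_line("carol"),
])

def parse_entry(line):
    """Return (fingerprint, comment) for a key line, None for blanks/comments."""
    tokens = line.split()
    if not tokens or tokens[0].startswith("#"):
        return None
    for i, tok in enumerate(tokens[:-1]):  # skip any leading options field
        if tok.startswith(KEY_PREFIXES):
            try:
                blob = base64.b64decode(tokens[i + 1], validate=True)
            except ValueError:
                continue
            digest = hashlib.sha256(blob).digest()
            fp = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
            return fp, " ".join(tokens[i + 2:])
    return None

def list_keys(text):
    return [e for e in map(parse_entry, text.splitlines()) if e]

def revoke(text, fingerprint):
    """Drop entries with this fingerprint; return (new_text, removed_count)."""
    lines = text.splitlines()
    kept = [l for l in lines if (parse_entry(l) or ("",))[0] != fingerprint]
    return "\n".join(kept), len(lines) - len(kept)

if __name__ == "__main__":
    keys = list_keys(SAMPLE_AUTHORIZED_KEYS)
    for fp, comment in keys:
        print(fp, comment)
    bob_fp = next(fp for fp, c in keys if c == "bob@laptop")
    updated, n = revoke(SAMPLE_AUTHORIZED_KEYS, bob_fp)
    print(f"removed {n}; remaining:", [c for _, c in list_keys(updated)])
```

Matching on the fingerprint rather than the comment avoids removing the wrong line when two entries carry the same comment text.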

Getting Through Your Firewall

This depends on your firewall. If you're using something with graphical administration, then look for port forwarding and forward SSH traffic to the appropriate internal hosts. This is a tricky business, so be careful what you expose to the outside world. In our next installment we'll learn how to write iptables rules to control SSH access, along with some fun SSH tunneling tricks for creating a quick VPN and shortcuts for long login commands.

Carla Schroder is the author of the Linux Cookbook and the Linux Networking Cookbook (O'Reilly Media), the upcoming "Building a Digital Sound Studio with Audacity" (NoStarch Press), a lifelong book lover, and the managing editor of LinuxPlanet and Linux Today.
