Re: Safest way of accessing a home computer from outside?



On Sunday 31 December 2006 12:39, Ahmed Hussain wrote:
Hi,

Sorry, I'm a newbie. What if my router doesn't have a public IP
itself? I mean to say my provider provides me a 192.168.1.x of its
network and internally I have a LAN. Will I ever be able to access my
personal system via router [provided my ISP provider will not change any
of its settings from his end]?
Wondering if any kind of dynaDSN or peer to peer can help me to do
that.

Any suggestions?

Yes, run, don't walk, stumble or crawl, as fast as you can, to another
provider. Having dealt with that sort of a scenario on dialup many years
ago, that's a security hole you can drive an 80,000 pound load of
swinging beef through. An insurance agent's secretary's machine 45 miles
away got infected with the first generation of sobig and tied up the
whole network, and the ISP refused to disconnect a good customer. We
were all Linux on the gateway side so that worm, nor any of the others,
have ever bothered our servers. The winderz boxes in the various offices
are another horse entirely though. But we did make quite an impression
on them about opening emails from unknown srcs after word got around that
we were no longer spending days per machine running viri detectors, but
were simply re-imaging the machine that got infected, losing ALL their
personal stuff including sales leads and black book addresses.

We sent several emails, finally getting into the nastygram mode, to which
the sexytary's only reply was "so what, it's working for me. And if you
contact me again with that kind of language the next phone call will be
from our lawyer." A genuine cast iron bitch she was.

It cost us 95% of our bandwidth defending against that box 45 miles away,
back when a 56k dialup was the rule of the land. So we spent better than
15 grand on a T1 till a new isp came on the scene.

vz at least gives me an outside address at the outside of my router, in
this case an old box with DD-WRT installed on it.

DD-WRT, and an outside address, can set up a VPN in just a few minutes.

Regards,
Ahmed Hussain

On Sun, 2006-12-31 at 12:27 -0500, Jacques B. wrote:
On 12/30/06, Timothy Murphy <tim@xxxxxxxxxxxxxxxxxxxxxx> wrote:
What is the safest way of allowing access to a home system
from a remote computer?
I am running Fedora-6 and shorewall.

Any advice or suggestions gratefully received.

--
Timothy Murphy
e-mail (<80k only): tim /at/ birdsnest.maths.tcd.ie
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list

I agree - ssh with no password and then use certificates to
authenticate. And start it with the -X option if you want to be able
to run XWindows applications over ssh.

As for a router, as was noted, you simply need to configure your
router so that all traffic coming in on whatever port you decide to
use for ssh (22 being the default) is forwarded to your ssh server.
You will want to assign a static IP to your ssh server (either
configuring the box itself, or if your router supports it, assign
static IP via DHCP for the nic in your ssh server). It would also be
wise to disable root access via ssh. If you need root access, you can
su or sudo once you've connected to your server.

To copy files, you can use scp to access your ssh server. If you
simply want to set up a shared drive on your server, then have a look
at hamachi. I've played with it (the Windows version mind you, but
they have a Linux version as well). You can find Hamachi at
http://www.hamachi.cc/. The nice thing with Hamachi is that it's zero
configuration. You don't have to open ports on your router to get it
to work. The down side if you are paranoid is that you are relying on
someone else's network and product vs known/trusted ssh.

And of course VNC and its flavours might do the trick. I am pretty
certain you can tunnel VNC through ssh if you want to wrap a layer of
protection/encryption. I had managed to get VNC to work over Hamachi
for a fleeting moment a while back (Windows box otherwise I would have
tried it with ssh).

Jacques B.

--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Yahoo.com and AOL/TW attorneys please note, additions to the above
message by Gene Heskett are:
Copyright 2006 by Maurice Eugene Heskett, all rights reserved.
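
The sshd settings recommended in the quoted reply above (no password logins, key-based authentication, no root login over ssh) can be checked against an sshd_config file. The following is an added example, not part of any post in this thread; the sample config, the WANTED table and the function names are constructed for illustration.

```python
# CONSTRUCTED sshd_config text for the example; not from any poster's machine.
SAMPLE = """\
PermitRootLogin yes
PubkeyAuthentication yes
passwordauthentication no
# The next line is ignored: sshd keeps the first value it reads per keyword.
PasswordAuthentication yes
Match User backup
    PasswordAuthentication yes
"""

# Keyword -> value the thread's advice calls for (keywords are case-insensitive).
WANTED = {
    "passwordauthentication": "no",   # "ssh with no password"
    "pubkeyauthentication": "yes",    # authenticate with keys instead
    "permitrootlogin": "no",          # "disable root access via ssh"
}

def parse(text):
    """Return (global_settings, match_overrides) from sshd_config text."""
    global_cfg, overrides, in_match = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            in_match = value          # a Match block runs to the next Match or EOF
        elif in_match is not None:
            overrides.append((in_match, key, value.lower()))
        else:
            global_cfg.setdefault(key, value.lower())  # first occurrence wins
    return global_cfg, overrides

def audit(text):
    """List findings where the config departs from WANTED."""
    global_cfg, overrides = parse(text)
    findings = []
    for key, want in WANTED.items():
        got = global_cfg.get(key)
        if got is None:
            findings.append(f"{key}: not set explicitly, version default applies")
        elif got != want:
            findings.append(f"{key}: is '{got}', want '{want}'")
    for cond, key, value in overrides:
        if key in WANTED and value != WANTED[key]:
            findings.append(f"{key}: '{value}' inside 'Match {cond}'")
    return findings
```

Pass the contents of the server's own sshd_config to `audit()`; an empty list means the global section and every Match block agree with the three settings.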
