Re: enable "ssh root@myIp"



Geoffrey De Smet wrote:
>
>
> Vahis wrote:
>> Geoffrey De Smet wrote:
>>
>>> Already had been there and enabled it, also said "yes" when it said the
>>> firewall needs to be open too. Turns out it only opens the firewall for
>>> vnc, not ssh.
>>> I checked the firewall (on your advice) and added ssh and the problem
>>> solved :) Thank you.
>>>
>>> Maybe the remote administration can be made smarter in linux 10.1 to
>>> open the ssh port too? Is there some sort of JIRA or bugzilla for open
>>> suse?
>>
>> I don't think it's smart to open anything else in the firewall
>> than just the things you want at the time.
>>
>> Why open ssh if you open vnc or vice versa?
>>
>
> I am a linux rookie. I really like Suse, mainly because of yast and the
> entire user-friendly GUI. I don't use it often enough to learn
> file-based configuration over GUI, with a few exceptions I need all the
> time (apache2, jboss, mysql). (Once you've done it more than 5 times in
> a GUI, switching to a configuration file is bliss, before it it's hell.)
>
> It asked me "do you want to open the firewall for remote
> administration?" imho it would have been more accurate if it said "only
> for VNC". imho it would have been more user-friendly if it asked
> me "do you want to open vnc, ssh, both or neither?".
>
> Just my 2 cents :)

I think I've seen such a helper somewhere...

It like asks you when you sit down in front of your computer:
"What shall we do today, master?" "Shall we send some email to
our friends or shall we just play some solitaire?"

Then you choose.
>
>> You might also want to consider the following:
>>
>> There's a file /etc/ssh/ssh_config
>
> Thanks, I'll take a look at it, these things I need to learn.
>
>>
>> Edit this file as root with any editor.
>>
>> For example if you use Kwrite and KDE normally: K-menu > Run
>> Command > kdesu kwrite /etc/ssh/ssh_config
>>
>> Add/change this line:
>>
>> PermitRootLogin no
>
> The server is in an internal network, behind a small router with
> firewall together with 2 windows desktops.
>
> Is it possible to set PermitRootLogin to something like "any ip from
> 192.168.*.1-253 (but not 254, my gateway)?"

That's more like iptables (firewall)

You might want to install Webmin. That's a straightforward GUI
for configuring all those scary text files.

Everything we have discussed here can be configured in a
comprehensive way in Webmin. And more. I think pretty much
everything can be administrated from its GUI. Try it, you'll like
it :)
>
>>
>> Then find the line where it says:
>>
>> Protocol 2,1
>>
>> Change it to:
>>
>> Protocol 2
>
> done, thank you for this added info.
>
>>
>> Now logging in is only possible as a user, not root, and only
>> using the more secure protocol ssh2. Any intruder would have to
>> know a username with an account, this user's password, and then
>> root's password.
>>
>> As for passwords:
>>
>> Use long, at least 12 - 15 characters (at least for root) in
>> upper and lower case, also some numbers and DO NOT USE DICTIONARY
>> WORDS IN ANY LANGUAGE.
>>
>
> No problem :)
>
>> An example for password: Igt1GSptYaAE22oD
>>
>> How does one remember such passwords?
>>
>> I'm using a method where I use sentences and take the first
>> letters from the words, adding a few numbers in between:
>>
>> (I) (g)ive (t)his 1 (G)reat (S)trong (p)assword (t)o (Y)ou (a)s
>> (A)n (E)xample 22 (o)f (D)ecember
>>
>> When I log in I repeat the sentence in my mind while typing.
>> Since I have two servers which face the evil Internet my
>> passwords are still longer than that. After all, weak passwords
>> are a huge threat, and the OS nowadays doesn't even accept the
>> poorest ones, saying "password is weak" or something similar.
>>
>>
>>
>> You could disable everything else and only allow one user from a
>> certain host or domain. Take a no-ip or similar account and log
>> in using that account.
>>
>> I have also disabled my web server from answering to ping:
>>
>> sysctl -w net.ipv4.icmp_echo_ignore_all=1
>>
>> If you change the last =1 it will answer again.
>>
>> Vahis
>
> Thank you for this info, it means a lot for someone starting out.
>
> With kind regards,
> Geoffrey De Smet

You're welcome

Vahis
--
No dual or multi booting, every OS runs simultaneously. FAQ:
http://waxborg.servepics.com/mobile/articles/vmware.html
Playing multimedia in SUSE 10.0:
http://waxborg.servepics.com/English/Linux/susemultimedia.en.html
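
Added example, not part of the original posts: a small audit of the two server settings recommended in the thread (PermitRootLogin and Protocol), which sshd reads from /etc/ssh/sshd_config (ssh_config is the client's file), plus any per-address override of the kind the question about 192.168.* addresses asks for. The sample configuration, the Match blocks in it and the function names are constructed for illustration.

```python
import re

# Constructed sample; a real server reads /etc/ssh/sshd_config.
SAMPLE = """\
# constructed sshd_config for illustration
Port 22
Protocol 2,1
#PermitRootLogin no
PermitRootLogin yes
PermitRootLogin no
Match Address 192.168.0.0/16
    PermitRootLogin yes
Match User backup
    X11Forwarding no
"""

def parse(text):
    """Return (global_settings, match_overrides) from sshd_config text."""
    global_settings, overrides, criteria = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            criteria = value            # later lines belong to this block
        elif criteria is not None:
            overrides.append((criteria, key, value))
        else:
            # sshd uses the first value it reads for a keyword.
            global_settings.setdefault(key, value)
    return global_settings, overrides

def audit(text):
    """List findings for the two settings the thread recommends."""
    settings, overrides = parse(text)
    findings = []
    root = settings.get("permitrootlogin")
    if root is None:
        findings.append("PermitRootLogin not set: version default applies")
    elif root.lower() != "no":
        findings.append(f"PermitRootLogin is '{root}' globally")
    # Protocol only matters on old releases that still implement SSH-1.
    if "1" in settings.get("protocol", "2").split(","):
        findings.append("Protocol allows SSH-1")
    for criteria, key, value in overrides:
        if key == "permitrootlogin" and value.lower() != "no":
            findings.append(f"Match {criteria}: PermitRootLogin {value}")
    return findings
```

On a live host, pass the contents of the server's own sshd_config to `audit()`; the second `PermitRootLogin no` in the sample has no effect because the earlier `yes` was read first.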