Topic: Create remote login for Server Manager

[TreeBeck]

I would like to modify the sme-server to allow remote logins to the Server Manager via a SSL. Could someone point me in the correct direction. How does the default configuration work? If I can know how the default setting work I could reset it to allow remote login. Im not completely stupid to Linux but I am a "newb" so please be gentle.

[MSmith]

Your wish is granted ... just use a PPtP or other VPN to the network, then access Server Manager by its internal LAN IP.

[gordonr]

I would like to modify the sme-server to allow remote logins to the Server Manager via a SSL. Could someone point me in the correct direction.

You can open server-manager access to specific IPs or ranges via the Remote Access panel.

How does the default configuration work?

server-manager access is restricted to local networks by default.

Gordon

[TreeBeck]

Sorry for not being specific. I am aware that I can VPN to the server but what I want to do is to allow the Server Manager to be accessed by any IP in the outside world via SSL and password authentication. I am using SME in the server only configuration in a network similiar to a data center(client machines are not on the local network). To require the webmaster to VPN is not an option, they use windows only and do not have a understanding VPNs and such.

One other thing, could someone tell me how to get to a shell. I may be able to find most of my answers if I am able to see what is running under the hood.

[CharlieBrady]

To require the webmaster to VPN is not an option, they use windows only and do not have a understanding VPNs and such.

Creating a VPN connection from windows requires no VPN understanding, and is no more difficult than setting up a dialup connection from windows.

Search here and you'll find instructions for enabling shell access.

[MSmith]

If your SME server is server-only, then your outside "webmasters" must gain access somehow to the local network, yes?  And unless you're committing the security error of exposing your SME Server's LAN interface to the Internet at large -- thereby defeating its built-in security features -- then your outside users MUST do something such as RAS, BorderManager, PPtP or some other form of authentication to gain access to the local network.  Right?

Once inside, they can access the server manager and/or use a client such as WinSCP or PuTTY via the SME server's LAN IP.

[pcdoc]

run putty and select Connections - SSH - tunnels from the left menu, put 980 for the source port, and localhost:980 for the destination port.

once you have connected via putty (using SSH), and logged onto the remote server, open your browser and go to http://localhost:980. viola you now have remote access to the server manager from any external ip using ssh.

I maintain about 30 servers, and this is the way I do it remotely. makes it a hell of a lot easier to do.

you can also ssh into port 3306 and work on the MySQL database remotely using SSH if you want.

[TreeBeck]

I cannot tell the end user to VPN in to this server. I am dealig with your typical Windows user/web developer that will not VPN to a network. They bearly know how to FTP. What I want to do is modify the setting so that I can allow logins from outside the local network.
Basiclly I am looking for information on the configuration of the services that are running the Server Manager. Also how to exit the default admin screen on the server so I can gain shell access.
I have not worked with a Linux server for over a year so I aplogize if I sound a bit stupid.

[pcdoc]

for the second part of you question. press the ALT key and F2 for the second login screen, and ALT + F3 for the third screen. you can setup the default F1 screen for auto admin login, or to leave in at a login prompt in the setup.

for the first part of your query.

are you REALLY sure you want users outside your LAN on the internet to be able to remotely login to your network, not using VPN, SSH or any other security measure??

my suggestion would be to setup a MS Terminal Server on your LAN behind the SME server (SME = better protection) and use port forwarding to let port 3389 through to your Terminal Server. That would give you a reasonably amount of security, and still let your users do what they want.

[TreeBeck]

Thanks PC, that is a awesome solution, security and accessible. I will use that suggestion and see how it goes.
I was able to find some articles that should have me in the right direction for most of the configuration changes I have planned. I thank everyone who contributed to this thread. Time for a few beers and lots of reading.