Koozali.org: home of the SME Server

Port 22

edform
Port 22
« on: December 29, 2005, 06:12:20 PM »
One of the requirements for automatic synchronization of two SME servers via the internet is opening port 22 through the router to allow SSH to talk. Is this a high risk situation?

Any comments

Ed Form

Reinhold
Port 22
« Reply #1 on: December 29, 2005, 07:06:28 PM »
Ed,

...use SSH2 with a 2048-bit RSA private/public key pair with a strong pass phrase
...safe as it gets.

Read the AdminFAQ, or search here for "ssh 2.0", rsa public private keys.
wellsi.com should still have a tutorial available.
 
regards
Reinhold
............

edform
Port 22
« Reply #2 on: December 29, 2005, 11:18:30 PM »
Quote from: "Reinhold"
...use SSH2 with a 2048-bit RSA private/public key pair with a strong pass phrase ...safe as it gets.

Read the AdminFAQ, or search here for "ssh 2.0", rsa public private keys.
wellsi.com should still have a tutorial available.


Thanks for the tip, I'll look into it.

Ed Form

kruhm
Port 22
« Reply #3 on: January 01, 2006, 02:15:49 PM »
Quote
automatic synchronization of two SME servers via the internet


?!!?

AFAIK, sme doesn't replicate

Reinhold
Port 22
« Reply #4 on: January 01, 2006, 02:37:40 PM »
Happy new Year!
I am not sure about "replication"...

...but have a google on us with "rsync over ssh".
I am (almost) sure that or something similar is what Ed is trying!

Regards
Reinhold
............

edform
Port 22
« Reply #5 on: January 02, 2006, 11:25:10 AM »
Quote from: "Reinhold"
...but have a google on us with "rsync over ssh".
I am (almost) sure that or something similar is what Ed is trying!


I am trying to get the rsync over ssh idea to fly.

The two servers are in buildings about 150 metres apart, and will each have its own mail setup, but I need to keep some standard office stuff closely in sync in the ibays - so it's only the ibays I'm trying to keep near to the same.

I've had very little success in getting the SSH bit of the process going - can't actually log in at all. I've got the right port opened at both ends; when I send a command by hand, with a user name included, there is a long delay and then a timeout message - I never see the password challenge response.

I've decided to sidestep the whole problem and send for a narrow-beam radio bridge kit. I won't get enough speed to network over the link, but I'll be able to sync the ibays in the background.

Ed Form

Reinhold
Port 22
« Reply #6 on: January 02, 2006, 08:31:09 PM »
Ed,

Read man ssh especially:
First, if the machine the user logs in from is listed in
/etc/hosts.equiv or /etc/ssh/shosts.equiv on the remote machine, and the
user names are the same on both sides, the user is immediately permitted to log in.

... and note you need a template for this stuff in SME !

Just go -http://www.wellsi.com- where I sent you to tackle RSA anyway ;-) ...
and you will find:

Code:
This brief example shows the start of a SSH session where the username is specified using the -l option.

[dummy@homepc dummy]$ ssh -l dummy gatekeeper
Enter passphrase for key '/home/dummy/.ssh/id_rsa':
Last login: Tue Feb 18 11:38:43 2003 from somewhere
Welcome to the Mitel Networks SME Server.
bash-2.05a$


For more on ssh look here: The Secure Shell (SSH) Frequently Asked Questions
...and if needed "debug" stuff using SourceForge.net: SSH Client Instructions

Regards
Reinhold
............

edform
Port 22
« Reply #7 on: January 03, 2006, 03:33:12 AM »
Quote from: "Reinhold"
Read man ssh especially:
First, if the machine the user logs in from is listed in
/etc/hosts.equiv or /etc/ssh/shosts.equiv on the remote machine, and the
user names are the same on both sides, the user is immediately permitted to log in.

... and note you need a template for this stuff in SME !

Just go -http://www.wellsi.com- where I sent you to tackle RSA anyway ;-) ...
and you will find:

Code:
This brief example shows the start of a SSH session where the username is specified using the -l option.

[dummy@homepc dummy]$ ssh -l dummy gatekeeper
Enter passphrase for key '/home/dummy/.ssh/id_rsa':
Last login: Tue Feb 18 11:38:43 2003 from somewhere
Welcome to the Mitel Networks SME Server.
bash-2.05a$


For more on ssh look here: The Secure Shell (SSH) Frequently Asked Questions
...and if needed "debug" stuff using SourceForge.net: SSH Client Instructions


Actually Reinhold, it's a bit easier than that. You just have to avoid being a complete twit like me!!! How was I ever going to connect to the secure shell if I had secure shell connection set to local networks only in the server manager???????

I've now managed to transfer data from server to server using the quoted username and password-challenge route - the next bit is to make it two-way and use RSA.

It's me for www.wellsi.com

And thanks for the help.

Ed Form
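Ed's opening question was whether exposing port 22 to the internet is high risk, and Reinhold's answer was SSH2 with a key pair and a strong passphrase. As an added example, not code from this thread or from SME Server, here is a POSIX shell audit of the receiving server's sshd_config that only reports it ready for exposure once password, challenge-response and root logins are off and public-key logins are on. The option list is standard OpenSSH keywords; the sample config files are constructed input.

```shell
# Added example (not from the thread or SME Server): audit sshd_config before
# opening port 22 for rsync over ssh. Sample files below are constructed; the
# option values checked are the hardened settings you want, not thread facts.

# audit_sshd_config FILE
# Prints every option whose effective value differs from the hardened setting
# and returns 1; returns 0 when all match. As sshd does, the last uncommented
# occurrence of an option wins, and keywords are matched case-insensitively.
audit_sshd_config() {
    file=$1
    rc=0
    for pair in "PasswordAuthentication no" \
                "ChallengeResponseAuthentication no" \
                "PubkeyAuthentication yes" \
                "PermitRootLogin no"; do
        key=${pair% *}
        want=${pair#* }
        got=$(sed 's/#.*//' "$file" |
              awk -v k="$key" 'tolower($1)==tolower(k) {v=$2} END {print v}')
        if [ "$got" != "$want" ]; then
            echo "$key: got '${got:-unset}', want '$want'"
            rc=1
        fi
    done
    return $rc
}

# Demo on two constructed configs: one that still permits password and root
# logins, and the hardened one to have in place before exposing the port.
demo_dir=$(mktemp -d)
cat > "$demo_dir/weak" <<'EOF'
PermitRootLogin yes
#PasswordAuthentication no
PasswordAuthentication yes
EOF
cat > "$demo_dir/hard" <<'EOF'
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
PermitRootLogin no
EOF
for f in weak hard; do
    if audit_sshd_config "$demo_dir/$f"; then
        echo "$f: OK, key-only logins"
    else
        echo "$f: NOT safe to expose on port 22"
    fi
done
rm -rf "$demo_dir"
```

Run it against /etc/ssh/sshd_config on the server that will receive the rsync connection; a commented-out `#PasswordAuthentication no` line counts as unset, which is why the audit reads only uncommented text.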