server-manager::Security::remote access has 4 sections.
The first section, "PPTP settings" refers to pptp VPNs.
The second section, "Remote Management" refers to https access to /server-manager
The third section, "Secure Shell Settings" refers to ssh access
The fourth section, "FTP Settings" refers to FTP.
The 'SSH' section doesn't have a place to enter individual remote hosts for access, so I suspect you've been setting the 'https://.../server-manager' remote host settings, then trying to use them from ssh... which won't work.
Here's what you can do to allow remote access to ssh while minimizing your security exposure:[list=a]
- use a non-standard port (now easy, using server-manager). This significantly reduces the noise in my log files from people trying to break in to my servers, which I find comforting. I do this in addition to one of the following options...
- Allow public access, deny password access, and figure out how to use public/private keys (this is the recommended solution, I think)
- Allow public access, allow password access, pick a really good password, and eliminate anyone that learns your password (not the approved solution)
- Allow public access using passwords, then use custom db variables to restrict remote access. (This appears to be what you are hoping to do). The command will look something like db configuration setprop sshd AllowHosts a.b.c.d; see http://wiki.contribs.org/DB_Variables_Configuration#Additional_information_on_customizing_iptables.
More secure than password-only Internet access, less secure than public/private key access[/list:o]
3 Replies
950 Views