Topic: Remote SSH

[Necromatic]

Hello everyone,

I've checked the FAQ HowTo section on remote login into SME Server via ssh and didn't come up with much.  I understand how to remote in from computers on the local network (which is easy through the server-manager) but not from the Internet facing NIC

My sme server is running as a gateway and I'm using DynDNS.

When I try to connect from school I receive an error on the lines of:  "Connection refused by host."

Can a guru point me in the right direction?  And again, sorry if I missed a link somewhere describing a resolve to my issue.

Thanks in advance.

[janet]

Necromatic

The manual would be a better place to read.
http://wiki.contribs.org/SME_Server:Documentation:Administration_Manual:Chapter11


Practical tip, download putty.exe (search Google for it) & install to client.
Enable ssh for public access in server manager.
You would be wise to use Public Private keys, see the Howto, or at least limit the host IP (s) that ssh can connect from, see firewall FAQ. You might also like to change the ssh port to reduce logging of connection attempts by unauthorised users.

[brianr]

Even better, use VPN to connect to server, then use putty. 

[Stefano]

Even better, use VPN to connect to server, then use putty. 

I disagree..

ssh with key auth is far more secure than pptp vpn.. and, of course, you can connect from everywhere 

my 2c

ciao
Stefano

[CharlieBrady]

I disagree..

ssh with key auth is far more secure than pptp vpn..

I agree with Stefano.

[brianr]

I agree with Stefano.

I presume your comments apply to the authentication stage rather than the data stream encryption?
 
Do you think that Key Auth _without_ a passphrase is more secure than VPN?  I am not so sure, if the client is a laptop then anyone who gets into the laptop (which depends on the strength of the login password), can then access the remote server. whereas using a VPN still requires a further password which has to be broken.

[CharlieBrady]

Do you think that Key Auth _without_ a passphrase is more secure than VPN?

That depends on the threat model.

I am not so sure, if the client is a laptop then anyone who gets into the laptop (which depends on the strength of the login password), can then access the remote server. whereas using a VPN still requires a further password which has to be broken.

Attacker could install sniffer and then (later) steal password.

Use Key auth with passphrase.

[brianr]

Use Key auth with passphrase.

yes, that certainly _is_ more secure.

[cactus]

Use Key auth with passphrase.

Here is a howto for it: http://wiki.contribs.org/SSH_Public-Private_Keys

[Necromatic]

Thanks for all the helpful replies.  I won't be able to give it a shot tonight, but I'm going to give it a shot tomorrow night.  Again thanks for the quick replies!