Topic: Accessing Server-Manager Remotely

[fred2k3]

Hello, I've installed SME 8.0 (as part of a SAIL 3.1.1-22 ISO) but I'm not able to access the server-manager page using an external address. Logging on locally I've added the external IP address to the remote access page under remote management but when I try and access https://[server IP]/server-manager or https://[server IP]/sail I just get "Page cannot be loaded". Is there something else I need to do to get this working?

Incidentally I can access the sever remotely via secure shell.

[larieu]

Best practice seems to be

Connect to your server via PPP and you'll have acces by https://locaIP/server-manager

another approach (not best practice) is to set "local-network" your external IP (IF you has one fixed IP and it is trustful)

Probably you can add via template-custom also one hole into your server-manager access - also IP based

another way (probably the most insecure) is to set to public the access

[Stefano]

another way is to log in via ssh then

Code: [Select]

elinks https://localhost/sail

with "elinks" only server-manager will open automagically

[CharlieBrady]

Best practice seems to be

Connect to your server via PPP and you'll have acces by https://locaIP/server-manager

I assume that you mean PPTP, and not PPP. Use of PPTP cannot be considered best practice - it should be avoided:

https://www.cloudcracker.com/blog/2012/07/29/cracking-ms-chap-v2/

Best practice would be to connect using SSH/putty using RSA key authentication, then using elinks or portforwarding port 443 via the SSH tunnel.

[larieu]

CharlieBrady

sorry but from my knowledge SME has no other supported tunnel "by default"

everything else is contrib or opening other holes - ssh port is one of them  (which I prefer + change the default ssh port to some other less scanned port)

Then openvpn should must become default in SME

http://wiki.contribs.org/SME_Server_wishlist

[stephdl]

http://wiki.contribs.org/Useful_Commands#Access_to_the_server-manager_through_SSH

one example 

[kmccarn]

Worst practice - for lazy people only. (I only do this while setting up new systems)

Set remote access to 0.0.0.0 subnet 0.0.0.0 - and you can access from anywhere.

It is possible to allow hosts on remote networks to access the server manager by entering those networks here. Use a subnet mask of 255.255.255.255 to limit the access to the specified host. Any hosts within the specified range will be able to access the server manager using HTTPS.

Network    Subnet mask    Number of hosts    Remove
0.0.0.0    0.0.0.0    4294967296    

[CharlieBrady]

Worst practice - for lazy people only.

I'd say for lazy and stupid people.

I believe it is a bug in the server manager that it accepts those values.

[fred2k3]

Many thanks for all the work around solutions.. I still don't understand why it's not working though as it used to work fine in SME7

It is possible to allow hosts on remote networks to access the server manager by entering those networks here. Use a subnet mask of 255.255.255.255 to limit the access to the specified host.

This is how I'm doing it, public facing IP address and 255.255.255.255 subnet (tried it from 2 different networks too) and no joy.

[Stefano]

Many thanks for all the work around solutions.. I still don't understand why it's not working though as it used to work fine in SME7

This is how I'm doing it, public facing IP address and 255.255.255.255 subnet (tried it from 2 different networks too) and no joy.

let me understand: you don't want to open a (secure) "hole" in your firewall but you open (wide) an unsecure one on your server?

ssh on no standard port, auth via key, server-manager via elinks.. even from a smartphone.. secure and fast..

[fred2k3]

Maybe my networking knowledge is worse than I feared... but if I'm restricting remote server access to a single IP address, and with a secure password, then isn't that plenty safe? I know IPs can be spoofed, but they'd have to know the exact IP address and the password to gain access wouldn't they?

Don't get me wrong, the SSH + elinks is a great tip, but I'd rather use the web interface any day.

[janet]

fred2k3

You really need to read all the information & links (and links to links) provided by posters.

Don't get me wrong, the SSH + elinks is a great tip, but I'd rather use the web interface any day.

You can establish the ssh tunnel connection, either by issuing the command referred to in
http://wiki.contribs.org/Useful_Commands#Access_to_the_server-manager_through_SSH
or by creating a saved ssh tunnel connection via port 443, for example here
https://howto.ccs.neu.edu/howto/windows/ssh-port-tunneling-with-putty/

Preferably use Public Private keys for best security, which will be better than direct password access to server manager from a specified IP, refer
http://wiki.contribs.org/SSH_Public-Private_Keys

Then once the secure ssh connection using PP keys is made, open a web browser to
https://localhost/server-manager

[johnp]

It would be interesting to know what mode you server is in. If it's server-gateway, IMHO the server-manager page should be available from what you have said that you have done.