Koozali.org: home of the SME Server
Obsolete Releases => SME 7.x Contribs => Topic started by: pauljclarke on January 15, 2008, 09:45:47 AM
-
Hi,
Network Setup : remote laptop behind a firewall running Putty(SSH) connects to site using VPN where SME server is running. VPN access does not give laptop a local IP address but presents it on local network with remote address.
So Laptop = 192.168.10.n
SME Server=192.168.0.n
I can't change the way the VPN/firewall works so that I get a local IP address - not under my control!?
Remote admin via control panel allows me access by adding the 192.168.0.n network, but question is - how do I allow access using tools like Putty and WinSCP?
Thanks
P :-?
-
Here are 2 different options for getting ssh access from a specific IP address or network:
1. Add the VPN subnet to 'Local networks' (server-manager::Security::Local networks)
2. Enable 'Public' access to ssh, then manually create an "AllowHosts" list for the sshd service:
* Change SSH to allow connections from anywhere (server-manager::Security::Remote access::Secure shell access)
* Execute the following commands at a shell prompt, as root:
    config setprop sshd AllowHosts 192.168.10.n
    signal-event remoteaccess-update
Finally, it is considered secure to:
- allow public access to ssh
- disable password login to ssh, and configure public-private keys as described in http://wiki.contribs.org/SSH_Public-Private_Keys
Of course, if you have to VPN to a non-SME VPN server in order to access your SME server then it sounds like your SME is already behind a firewall, so configuring "public" access to ssh should still only allow access from your local networks...
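A pre-flight check for option 2 above, added here as an example and not part of the original posts or of SME Server: before setting AllowHosts over SSH, confirm that the address you are connecting from is covered by the proposed value, so the change does not cut off your own access. It assumes AllowHosts takes a comma-separated list of IPv4 addresses and/or CIDR networks; the function names and the sample addresses are constructed for illustration.

```sh
# Added example. Assumption: AllowHosts holds a comma-separated list of
# IPv4 addresses and/or CIDR networks. All function names are hypothetical.

# Print a dotted-quad IPv4 address as an integer; fail on malformed input.
ip_to_int() (
    case $1 in *.*.*.*.*|*..*|.*|*.) exit 1 ;; esac
    set -f; IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*|0[0-9]*|????*) exit 1 ;; esac
        [ "$o" -le 255 ] || exit 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Succeed if address $1 falls inside entry $2 (a.b.c.d or a.b.c.d/len).
in_net() (
    ip=$(ip_to_int "$1") || exit 1
    case $2 in
        */*) base=${2%/*}; len=${2#*/} ;;
        *)   base=$2; len=32 ;;
    esac
    case $len in ''|*[!0-9]*|0[0-9]*|???*) exit 1 ;; esac
    [ "$len" -le 32 ] || exit 1
    net=$(ip_to_int "$base") || exit 1
    mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
)

# Succeed if client $1 matches any entry of the comma-separated list $2.
allowed_by() (
    set -f; IFS=,
    for entry in $2; do
        in_net "$1" "$entry" && exit 0
    done
    exit 1
)

check_before_apply() {
    if allowed_by "$1" "$2"; then
        echo "ok: $1 is covered by AllowHosts=$2"
    else
        echo "STOP: $1 is not covered by AllowHosts=$2" >&2
        return 1
    fi
}
# Constructed values; on a live session use the first field of $SSH_CLIENT.
check_before_apply 192.168.10.25 192.168.10.0/24
```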