Koozali.org: home of the SME Server
Obsolete Releases => SME 7.x Contribs => Topic started by: groutley on May 01, 2008, 04:07:42 AM
-
Hello,
I find I often have the need to manage my SME server remotely..
i.e. when I am out in the real world and on the external side of my server..
I tend to disable the WEB access from the internet and only allow on the internal Network from a good security perspective.
but when I travel and the need arises to perform some admin changes, or check on something,
I cannot access !
I have used VPN in the past, to VPN into my network, and then get the server manager pages from the 'internal' pipe.
But I find the VPN very unreliable, and I currently cannot get it to work.
Given I fly to the other side of the world tomorrow AM, I am hoping there is a db setprop or something that I can issue from CLI to enable and later disable the external accessability to the server-manager pages.
My ssh works externally and requires a key, so is quite secure,
if someone can help me with the magic incantation to perform this It would certainly solve a major headache for me.
Thanks
Glen
-
groutley
Put your ssh key and Putty.exe on a USB stick and take it with you.
Then access your server via putty & ssh from anywhere, pointing the Putty config at the inserted USB disk with the ssh key on it.
Control your server via root login (or a user setup appropriately), type
console
to access the admin menu and then select server manager which will run in text mode.
You will need to have allowed ssh access from any host, but this is reasonably safe as you are using ssh keys.
-
Thanks Mary,
I have no problem with accessing the CLI access from external.
What I am asking is for a command line incantation such as a db setprop.....
that will allow WEB access to the 'https:\\smeserver.external.domain\server-manager' pages.
While I am sure anything can be configured and managed from the command line (ssh session)
I do not know howto do all that, and find the Web interface much simpler to view and alter configuration if the need arises.
I certainly could just open the access so that the server-manager pages are permanently open to internet access,
but prefer not to as a security risk.
So I want a command that I can enter from my ssh session, to allow the web access,
then I can make whatever change is required,
then once finished, enter a command in SSH that disables the access again to the WEB server-manager.
thanks
-
groutley
Change the Remote Access settings for server manager in the server manager panel, and then look at the messages log file to see what commands are isssued.
You will then have the commands to issue at CLI via ssh to enable web access to server manager.
-
I frequently log in on the server manager of my server at work from my home computer. Since I have a dynamically assigned WAN IP-address at home I always have to check first what my current IP-address is, let's call it a.b.c.d. (you'll find this in the /var/log/sshd log files). Then I log in with my account, switch to root and execute the following commands:
config show httpd-adminNote down (or copy) the ValidFrom parameter values (for backup reasons).
For example, it will be something like this:
ValidFrom 192.168.1.1/255.255.255.0
This means that you can access the server-manager only from the local network (192.168.1.x range), i.e. your server's local network.
Note down the WAN address of your ADSL-connection: the a.b.c.d address. Then issue the commands:
config setprop httpd-admin ValidFrom 192.168.1.1/255.255.255.0,a.b.c.d/255.255.255.255
signal-event remoteaccess-update
Note the comma and note the subnet mask which means that only the IP-address that exactly matches a.b.c.d. is allowed access to the server-manager.
When you're finished in the server manager you can reset the ValidFrom parameter to it's original value:
config setprop httpd-admin ValidFrom 192.168.1.1/255.255.255.0
signal-event remoteaccess-update
-
excellent Frankvb,
thats just what I was hoping for !
thank you so much for a clear explanation.
Glen