Koozali.org: home of the SME Server

Obsolete Releases => SME Server 7.x => Topic started by: Necromatic on March 02, 2009, 05:52:02 AM

Title: Remote SSH
Post by: Necromatic on March 02, 2009, 05:52:02 AM: Hello everyone,

I've checked the FAQ HowTo section on remote login into SME Server via ssh and didn't come up with much. I understand how to remote in from computers on the local network (which is easy through the server-manager) but not from the Internet facing NIC

My sme server is running as a gateway and I'm using DynDNS.

When I try to connect from school I receive an error on the lines of: "Connection refused by host."

Can a guru point me in the right direction? And again, sorry if I missed a link somewhere describing a resolve to my issue.

Thanks in advance.
Title: Re: Remote SSH
Post by: janet on March 02, 2009, 07:04:41 AM: Necromatic

The manual would be a better place to read.
http://wiki.contribs.org/SME_Server:Documentation:Administration_Manual:Chapter11

Practical tip, download putty.exe (search Google for it) & install to client.
Enable ssh for public access in server manager.
You would be wise to use Public Private keys, see the Howto, or at least limit the host IP (s) that ssh can connect from, see firewall FAQ. You might also like to change the ssh port to reduce logging of connection attempts by unauthorised users.
Title: Re: Remote SSH
Post by: brianr on March 02, 2009, 01:51:09 PM: Even better, use VPN to connect to server, then use putty.
Title: Re: Remote SSH
Post by: Stefano on March 02, 2009, 03:05:47 PM: Quote from: brianr on March 02, 2009, 01:51:09 PM
Even better, use VPN to connect to server, then use putty.

I disagree..

ssh with key auth is far more secure than pptp vpn.. and, of course, you can connect from everywhere :-)

my 2c

ciao
Stefano
Title: Re: Remote SSH
Post by: CharlieBrady on March 02, 2009, 03:12:04 PM: Quote from: Stefano a.k.a. nenonano on March 02, 2009, 03:05:47 PM
I disagree..

ssh with key auth is far more secure than pptp vpn..

I agree with Stefano.
Title: Re: Remote SSH
Post by: brianr on March 02, 2009, 03:47:29 PM: Quote from: CharlieBrady on March 02, 2009, 03:12:04 PM
I agree with Stefano.

I presume your comments apply to the authentication stage rather than the data stream encryption?

Do you think that Key Auth _without_ a passphrase is more secure than VPN? I am not so sure, if the client is a laptop then anyone who gets into the laptop (which depends on the strength of the login password), can then access the remote server. whereas using a VPN still requires a further password which has to be broken.
Title: Re: Remote SSH
Post by: CharlieBrady on March 02, 2009, 04:03:45 PM: Quote from: brianr on March 02, 2009, 03:47:29 PM
Do you think that Key Auth _without_ a passphrase is more secure than VPN?

That depends on the threat model.

Quote
I am not so sure, if the client is a laptop then anyone who gets into the laptop (which depends on the strength of the login password), can then access the remote server. whereas using a VPN still requires a further password which has to be broken.

Attacker could install sniffer and then (later) steal password.

Use Key auth with passphrase.
Title: Re: Remote SSH
Post by: brianr on March 02, 2009, 04:07:23 PM: Quote from: CharlieBrady on March 02, 2009, 04:03:45 PM
Use Key auth with passphrase.

yes, that certainly _is_ more secure.
Title: Re: Remote SSH
Post by: cactus on March 02, 2009, 06:09:15 PM: Quote from: CharlieBrady on March 02, 2009, 04:03:45 PM
Use Key auth with passphrase.
Here is a howto for it: http://wiki.contribs.org/SSH_Public-Private_Keys
Title: Re: Remote SSH
Post by: Necromatic on March 03, 2009, 04:37:05 AM: Thanks for all the helpful replies. I won't be able to give it a shot tonight, but I'm going to give it a shot tomorrow night. Again thanks for the quick replies!