Results 1 to 4 of 4
hi there! i have a question on radmin. we have a linux mandriva server in our main office and branches acting as a internet server and mail gateway. How can ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
- 09-09-2006 #1
- Join Date
- Sep 2006
i have a question on radmin.
we have a linux mandriva server in our main office and branches acting as a internet server and mail gateway. How can i radmin (full control) the PCs in our branches from our Main office?
actually, from our office i can radmin - full control my pc at home, but from our office to our branches i cannot.
what do i have to configure on the Linux server of our main office and branches, i guess its in the linux firewall setting... but i just dont know what to do exaclty.
please help me.....
- 09-11-2006 #2
Most people use secure shell (OpenSSH) for that task. Install openssh and openssh-clients on the local PC. Install openssh and openssh-server on the remote PC. (Or better yet, install all three packages on every PC you control.)
It is configured by editing /etc/ssh/ssh_config and /etc/ssh/sshd_config.
Other packages that are helpfull are keychain, openssh-askpass, openssh-askpass-gnome, and zssh.
Each user should run ssh-keygen to create a ~/.ssh directory and keys. Then copy ~/.ssh/id_dsa.pub from each machine into the ~/.ssh/authorized_keys file on every other accessed PC. The pub files are not secret, so they may be copied by ftp or whatever.
With a properly configured system, you can just type the command ssh hostname (using the actual host name) and you are logged in. Then su makes you root and the service command allows you to stop and start services.
If you configure /etc/ssh/sshd_config with "X11Forwarding yes", you can even start a graphical application (say an editor) and it will display on the local PC while actually executing on the remote.
By default, OpenSSH uses port 22, so your firewall has to pass that one.
- 09-12-2006 #3Originally Posted by KenJackson
Simple security tips for ssh:
- turn off direct root access over ssh (the user can still do su after logon)
- force everyone to use ssh protocol version 2
- turn off password access for anyone - force everyone to use their generated key.
- move the ssh server to a different port - this is specified in /etc/ssh/sshd_config
- if your users always connect from the same place then use your firewall or IPtables rules to restrict access to the ssh port from their normal IP addresses.
If your really want to impose more control, take away the su access by changing the password, and force users to use sudo to operate restricted commands. You get control of what they can and cant do then - and if their account is compromised, then you will limit the damage any intruder can do.Linux user #126863 - see http://linuxcounter.net/
- 09-12-2006 #4Originally Posted by Roxoff
Originally Posted by Roxoff