  1. #1
    Just Joined!
    Join Date
    Sep 2006
    Location
    Philippines
    Posts
    1

    Question Remote Admin


    Hi there!

    I have a question on radmin.

    We have a Linux Mandriva server in our main office and branches acting as an internet server and mail gateway. How can I radmin (full control) the PCs in our branches from our main office?

    Actually, from our office I can radmin - full control my PC at home, but from our office to our branches I cannot.

    What do I have to configure on the Linux server of our main office and branches? I guess it's in the Linux firewall setting... but I just don't know what to do exactly.

    please help me.....

  2. #2
    Linux Enthusiast KenJackson's Avatar
    Join Date
    Jun 2006
    Location
    Maryland, USA
    Posts
    510
    Most people use secure shell (OpenSSH) for that task. Install openssh and openssh-clients on the local PC. Install openssh and openssh-server on the remote PC. (Or better yet, install all three packages on every PC you control.)

    It is configured by editing /etc/ssh/ssh_config and /etc/ssh/sshd_config.

    Other packages that are helpful are keychain, openssh-askpass, openssh-askpass-gnome, and zssh.

    Each user should run ssh-keygen to create a ~/.ssh directory and keys. Then copy ~/.ssh/id_dsa.pub from each machine into the ~/.ssh/authorized_keys file on every other accessed PC. The pub files are not secret, so they may be copied by ftp or whatever.

    With a properly configured system, you can just type the command ssh hostname (using the actual host name) and you are logged in. Then su makes you root and the service command allows you to stop and start services.

    If you configure /etc/ssh/sshd_config with "X11Forwarding yes", you can even start a graphical application (say an editor) and it will display on the local PC while actually executing on the remote.

    By default, OpenSSH uses port 22, so your firewall has to pass that one.

  3. #3
    Super Moderator Roxoff's Avatar
    Join Date
    Aug 2005
    Location
    Nottingham, England
    Posts
    3,914
    Quote Originally Posted by KenJackson
    By default, OpenSSH uses port 22, so your firewall has to pass that one.
    Aye - it does, but if you move it to a different port you avoid having lots of script kiddies and their automated blat trying a gazillion different username/password combinations even if you have password logon turned off.

    Simple security tips for ssh:

    - turn off direct root access over ssh (the user can still do su after logon)
    - force everyone to use ssh protocol version 2
    - turn off password access for anyone - force everyone to use their generated key.
    - move the ssh server to a different port - this is specified in /etc/ssh/sshd_config
    - if your users always connect from the same place then use your firewall or IPtables rules to restrict access to the ssh port from their normal IP addresses.

    If you really want to impose more control, take away the su access by changing the password, and force users to use sudo to operate restricted commands. You get control of what they can and can't do then - and if their account is compromised, then you will limit the damage any intruder can do.
    Linux user #126863 - see http://linuxcounter.net/
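
An added example, not part of the thread: a small Python check of an sshd_config against the first four tips in the post above (the firewall tip lives outside that file). It relies on sshd keeping the first value it reads for each keyword, treats everything after a Match line as conditional, and runs on a constructed sample config; the function names are made up for this example.

```python
import re

# Keyword -> required value, taken from the tips in the post above.
REQUIRED = {"permitrootlogin": "no", "protocol": "2", "passwordauthentication": "no"}

def parse_global(text):
    """Return {keyword: [values...]} for the global section of an sshd_config."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and argument are separated by whitespace or by a single '='.
        m = re.match(r"(\w+)(?:\s*=\s*|\s+)(.*)", line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "match":  # settings after Match apply only conditionally
            break
        seen.setdefault(key, []).append(value)
    return seen

def audit(text):
    """Return a list of findings; an empty list means every checked tip is met."""
    cfg, findings = parse_global(text), []
    for key, want in REQUIRED.items():
        values = cfg.get(key)
        if not values:
            findings.append(f"{key}: not set, built-in default applies")
        elif values[0] != want:  # sshd keeps the first value it reads
            findings.append(f"{key}: effective value {values[0]!r}, want {want!r}")
    # Port may be repeated, and every occurrence opens a listener.
    if "22" in cfg.get("port", ["22"]):
        findings.append("port: still listening on 22")
    return findings

# Constructed sample: the later "PasswordAuthentication no" has no effect.
SAMPLE = """\
Port 2222
Protocol 2
PermitRootLogin no
PasswordAuthentication yes
PasswordAuthentication no
Match User backup
    PermitRootLogin yes
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Current OpenSSH releases speak only protocol 2, so on those the Protocol finding can be ignored.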

  4. #4
    Linux Enthusiast KenJackson's Avatar
    Join Date
    Jun 2006
    Location
    Maryland, USA
    Posts
    510
    Quote Originally Posted by Roxoff
    move the ssh server to a different port - this is specified in /etc/ssh/sshd_config
    I do that too. In fact, each PC inside my firewall listens to a different port, and my NAT router forwards incoming packets to the right PC, so I can SSH to each PC from outside. And outside I use a script to specify the right port for the right machine. (This can also be done with ~/.ssh/config, but I didn't learn that until I had the script all set up.)

    Quote Originally Posted by Roxoff
    force everyone to use ssh protocol version 2
    I do that too. In fact, I use only DSA and turn off authentication with RSA. I think DSA is stronger, but even if it's not, I am adding a wee bit of safety by turning off stuff I don't use.
