Secure entry into remote systems

Scot L. Harris webid at cfl.rr.com
Wed May 19 12:09:43 UTC 2004


On Wed, 2004-05-19 at 00:59, Edward wrote:
> I have several servers installed at customer's premises. I used to 
> simply run out there to fix any slight problems or update mail white 
> lists etc.
> 
> However, with a few customers more than 1.5 hours drive away, I need to 
> look at remote administration. Especially for simply adding few users to 
> a spamassassin white list or the like, which really only are 10 minute jobs.
> 
> So, I was thinking about setting up dyndns or no-ip addresses for these 
> servers, then opening up the firewall for either ssh or VPN. None of my 
> customers have a static internet address.

In your place I would setup ssh.  The thing you need to make sure of is
if you are using password authentication that all your passwords are
good ones.  I believe you may want to lock down ssh to specific known
hosts and keys.  Even if you need to administer multiple systems
remotely use one to ssh to and then ssh from that one to the others. 
Also disable roots use of ssh so no one can go straight in as root. 
Means you will login as a normal user then su to root as needed.

Over those dialup lines you are not going to be doing any X-windows
forwarding or other GUI tricks, but command line should be fine.

-- 
Scot L. Harris <webid at cfl.rr.com>





More information about the fedora-list mailing list