Secure entry into remote systems

duncan brown duncanbrown at linuxadvocate.net
Thu May 20 14:42:37 UTC 2004


Tom Needs A Hat Mitchell said:
> On Wed, May 19, 2004 at 12:59:05PM +0800, Edward wrote:
> .....
>> So, I was thinking about setting up dyndns or no-ip addresses for
>> these servers, then opening up the firewall for either ssh or VPN.
>> None of my customers have a static internet address.
>
> DynDNS costs money, small as it is, and you still have to script the
> discovery of the DHCP assigned address.  Since you have to do that
> anyhow there is no reason you cannot simply update a resource you own
> via ftp, scp, email, whatever.  Heck a simple wget from a periodic cron
> job of a small special file name on your web site will log the IP address
> that you need to ssh into the box.  The file does not need to exist.
>
> Also knowing the IP address that each box is on you can now do a
> polite port scan as part of the service.  Check also for open mail
> relays.
>
> SSH is about as secure as you can get.
> SSH in as a normal user then use a second passwd to su/sudo
> what you need to do.

i currently run an ez-ipupdate wrapper script (no access to it now, email me
privately if you want it) that hits

http://www.linuxadvocate.net/myip

to determine the ip, it's just a simple 1 line php script echoing a global
var.  it's useful to determine your router/firewall's ip address to the
outside world (since it won't report your eth0 if you're on a NAT).

you may want to look into that.

also, i'd like to have other servers out there to do the myip thing for
users so i don't get slammed with requests.  let me know, i want to build
up a directory and then i'll release the wrapper into the wild.

-d

+( duncan brown : duncanbrown at linuxadvocate.net )+
+(  linux "just works" : www.linuxadvocate.net  )+

--------------------------------------------------
Understatement of the century:
"Hello everybody out there using minix - I'm doing
a (free) operating system (just a hobby, won't be
big and professional like gnu) for 386(486) AT
clones"
         - Linus Torvalds, August 1991
--------------------------------------------------
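
A sketch of the kind of wrapper discussed in this message, as an added example that is not the poster's script: it checks what a myip-style page returns before the value reaches a dynamic DNS updater, because the reply comes over plain HTTP from a server outside your control. The function names, the cache file path and the commented-out update command are assumptions.

```shell
#!/bin/sh
# Added example, not the wrapper from the post. Function names and the
# cache path are assumptions.
MYIP_URL="http://www.linuxadvocate.net/myip"    # URL given in the post
CACHE="${CACHE:-$HOME/.last_external_ip}"       # hypothetical cache file

# Succeed only if $1 is a dotted-quad IPv4 address outside the private,
# loopback, link-local, multicast and reserved ranges.
valid_public_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray chars, empty octet
    esac
    oldifs=$IFS; IFS=.
    set -- $1                                   # split into octets
    IFS=$oldifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac   # leading zero, too long
        [ "$octet" -le 255 ] || return 1
    done
    case "$1" in 0|10|127) return 1 ;; esac             # this-net, RFC 1918, loopback
    [ "$1" -ge 224 ] && return 1                        # multicast and reserved
    [ "$1" -eq 192 ] && [ "$2" -eq 168 ] && return 1    # RFC 1918
    [ "$1" -eq 169 ] && [ "$2" -eq 254 ] && return 1    # link-local
    [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ] && return 1
    return 0
}

# Ask the remote page which address it sees; print it only if it validates.
# The reply travels over plain HTTP, so it is treated as untrusted input.
fetch_external_ip() {
    ip=$(wget -q -T 10 -O - "$MYIP_URL" | head -c 64 | tr -d ' \r\n')
    valid_public_ipv4 "$ip" && printf '%s\n' "$ip"
}

# Succeed (and record the new value) only when $1 differs from the cache,
# so the dynamic DNS provider is not updated on every cron run.
ip_changed() {
    [ -f "$CACHE" ] && [ "$(cat "$CACHE")" = "$1" ] && return 1
    printf '%s\n' "$1" > "$CACHE"
}

# Cron usage (left commented so the block has no side effects):
# ip=$(fetch_external_ip) && ip_changed "$ip" && your-ddns-update-command "$ip"
```

An RFC 1918 or loopback address in the reply means the lookup was answered from inside the NAT or tampered with, so the wrapper refuses it instead of publishing it.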
