ssh no go
#11
Well, through the GUI I did set a simple rule to allow 22, but it says allow anywhere in the description and that has me a bit worried what that actually means. I tried doing a specific from IP to IP rule but it doesn't work. I have to use the simple rule option. As for the bonded DSL, I don't know the specifics about the public IP. All I realized is that it changed with the router upgrade. But with that simple rule in place I can now log in both ways using any of my devices.

I want to thank you guys for all the help, great ideas all helped and pointed me in the right direction. Awesome group, again. Thank You.
#12
Awesome.  Yeah a firewall issue.  Those are common.
Jeremy (Mr. Server)

* Desktop: Ubuntu MATE
* Windows are for your walls, Apple is for your health, Linux is for your computer
#13
One last question, how do I set up Gufw to let ssh work? When I selected the predefined ssh profile it said the profile may be risky for ssh use.
#14
Well, allowing SSH connections is more risky than not since someone could log in and do damage to the system.
Jeremy (Mr. Server)
#15
Then why does Collins push SSH so much? I see the up side of using the feature but if it leaves you open to hits then why use it? Unless I was to shut down Gufw for a few minutes while I transferred the file or files I want then enable Gufw again. See, what I want SSH for is I have a business that needs to have labels made on a frequent basis. So I make my list of inventory items with their prices to make labels on my laptop. It would be nice to make a small script to SSH the file over to my laptop from Tablet which obviously is easier to handle. Unless I could use SFTP for that purpose. I haven't tried that yet. Does running a VPN help negate the risk of someone sniffing you?
#16
(10-06-2018, 06:57 PM)DahRat Wrote: Then why does Collins push SSH so much?  I see the up side of using the feature but if it leaves you open to hits then why use it?  Unless I was to shut down Gufw for a few minutes while I transferred the file or files i want then enable Gufw again.  See, what I want SSH for is I have a business that needs to have labels made on a frequent basis.  So I make my list of inventory items with their prices to make labels on my laptop.  It would be nice to make a small script to SSH the file over to my laptop from Tablet which obviously is easier to handle.  Unless I could use SFTP for that purpose.  I haven't tried that yet.  Does running a VPN help negate the risk of someone sniffing you?

Whenever you use any type of remote access, it comes with the risk of someone sniffing into it. The same risks apply for VNC/RDP or TeamViewer. BUT SSH is probably one of the most secure tools of them.
I think all that cleverwise was trying to do here is to explain to you why the firewall is showing you a warning. That doesn't mean that there is an actual serious threat by opening port 22.

If you want to make your SSH connection really secure, the best advice is to use safe passwords and/or keyfiles for all of the SSH users. (Safe passwords include numbers, uppercase letters, lowercase letters, brackets, minus, at least 20 characters and so on.) Security will also benefit if the user "root" can't login directly to SSH. 

If you already have a VPN set up, it would be more secure to use it to connect to your SSH-PC instead of making the SSH-PC available to the public internet (e.g. forwarding port 22 to your SSH-PC in the router).
#17
Hmmm, not sure if I'm up to figuring out forwarding in the router, something to think about. Yeah, I could stand to make my passwords a bit more tight. I love this Linux thing, so much cool stuff to play with. Thanks again.
#18
Joe talks about SSH a lot because it is a very powerful way to manage systems.  There is a lot of flexibility and control.

Wheel is correct in my statement.  I was simply stating why the firewall is warning you.

I am not clear if you are trying to SSH to the other system over the Internet (WAN) or on a local network (LAN).

You should ideally use keys.  Keys are much stronger than passwords.  However, to protect keys you should have a passphrase, otherwise if your keys are ever stolen then someone can just log in.  This means you need a password (which should be hard to guess) to unlock the key to then connect to SSH.  Joe and I discussed in detail how to set up keys in a Mr. Server Mr. Desktop episode.

There are ways to protect SSH like Fail2Ban.
Jeremy (Mr. Server)
#19
Ok, I'll take a look at the video. My main reason to use SSH is to transfer simple files from my Android Tablet to my Thinkpad. I've been doing it with Google Drive but I don't like them much sooo. Plus I like the idea of remote access and control of my devices, just another toy for me to play with I guess but I'll take a look at your vid suggestion. Thanks.
#20
If you are just using ssh to transfer files in your local network, there's no need to set up VPN or forward ports. That's something that you'll only need if you want to access your SSH machines from the internet.
If your local network is a home network with only trusted participants, I wouldn't worry too much about having port 22 open either.
Reply
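A small audit for the two things this thread keeps returning to, the firewall rule that allows SSH from "Anywhere" and the sshd options for root and password logins. It is an added example, not code from any poster; the function names and the sample `ufw status` and `sshd_config` text are constructed for illustration, and the defaults passed in are upstream OpenSSH's.

```shell
#!/bin/sh
# Added example. Both samples are constructed, not from any poster's machine.
UFW_SAMPLE='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
22/tcp                     ALLOW       192.168.1.0/24
22/tcp (v6)                ALLOW       Anywhere (v6)'

SSHD_SAMPLE='# constructed sshd_config fragment
Port 22
permitrootlogin no
PasswordAuthentication yes
PasswordAuthentication no'

# Print SSH rules (port 22 or the OpenSSH app profile) whose source is "Anywhere".
# Assumes the plain `ufw status` column layout shown in UFW_SAMPLE.
ssh_open_to_anywhere() {
  awk '{ v6 = gsub(/ *\(v6\)/, "") ? " (v6)" : "" }
       $1 ~ /^(22|22\/tcp|OpenSSH)$/ && $2 ~ /^(ALLOW|LIMIT)$/ && $NF == "Anywhere" {
         print $1 v6, $2, "from", $NF }'
}

# Effective global value of an sshd_config keyword. Keywords are case-insensitive
# and the first occurrence wins; $2 is the default to report when it is unset.
sshd_setting() {
  awk -v key="$1" -v def="$2" '
    /^[ \t]*#/ { next }
    tolower($1) == "match" { exit }          # global section ends at the first Match
    tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
    END { if (!found) print def }'
}

# Report what conflicts with the thread's advice. $1 = ufw status text, $2 = sshd_config text.
audit() {
  open=$(printf '%s\n' "$1" | ssh_open_to_anywhere)
  root=$(printf '%s\n' "$2" | sshd_setting PermitRootLogin prohibit-password)
  pass=$(printf '%s\n' "$2" | sshd_setting PasswordAuthentication yes)
  if [ -n "$open" ]; then printf '%s\n' "$open" | sed 's/^/WARN ufw: /'; fi
  if [ "$root" != no ]; then echo "WARN sshd: PermitRootLogin is $root"; fi
  if [ "$pass" != no ]; then echo "WARN sshd: PasswordAuthentication is $pass"; fi
}

audit "$UFW_SAMPLE" "$SSHD_SAMPLE"
```

On the constructed sample the second `PasswordAuthentication no` line is ignored because sshd uses the first value it reads, so password logins are still reported as enabled.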

