You're reading from Linux Networking Cookbook
Our first option for remote access is the simplest, assuming that you just need to be able to remotely access a shell on your Linux system. All Linux distributions offer the ability to install a Secure Shell (SSH) server. The most common SSH server available is OpenSSH, which is distributed by the OpenBSD team. A lighter weight option called Dropbear is also available and is often found in embedded Linux platforms, such as OpenWRT.
Installing OpenSSH on a Linux system is very easy but the specifics on how to do it will depend on the Linux distribution that you are using.
Let's install SSH server in Debian/Ubuntu through the following command:
# sudo apt-get install ssh
For Fedora, CentOS, and other Red Hat derivatives, it would be sudo yum install openssh-server.
Now, once OpenSSH is installed, anyone with network access to TCP port 22 on your system may attempt to log in to your system. If this machine is your firewall or if you forward port 22 from your firewall...
You have a number of client options if you're looking to access a shell on a system running an SSH daemon.
If you are connecting from another *nix system, such as Linux or Mac OS X, you can launch a terminal and use the SSH command-line tool from OpenSSH:
A free graphical SSH client called PuTTY is available for Linux, Mac, and Windows. PuTTY provides you a terminal on the remote system rather than providing any form of local shell access. Windows binaries and the sources to build *nix clients can be obtained at http://www.chiark.greenend.org.uk/~sgtatham/putty/. Various SSH clients are also available for Android and iOS devices.
The OpenSSH client, available from the terminal on *nix-like systems, is the simplest approach. Simply launch Terminal.app on your Mac or an xterm on your Linux system and run ssh username@host. If the username@ is omitted, then the ssh client will attempt to log in using your local username. The host...
One extremely useful piece of functionality is the ability to forward ports from the remote system to your local system or vice versa.
Forward a remote port locally:
-L 8000:192.168.1.123:80
Forward a local port remotely:
-R 5000:localhost:22
Make either port available from remote systems with -g
The -L option allows you to make a remote port available locally. The arguments are [bind_address:]port:host:hostport.
In our example, we're logging into a remote system and then forwarding port 80 on 192.168.1.123 to port 8000 on your local system. This means that if you connect your web browser to localhost port 8000, you will actually be hitting the server on 192.168.1.123. This is useful for accessing resources behind a firewall or just changing the network your connection is established from. Note that if you're specifically using this for a web server, you may need to play tricks with your hosts file or the ports in use in order to work around...
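The following is an added example, not code from the book: a POSIX shell function that parses a -L argument in the [bind_address:]port:host:hostport form and reports whether the local listener stays on loopback or becomes reachable from other hosts, which is what -g or a non-loopback bind_address changes. The function names and output format are assumptions made for this sketch, and it handles IPv4 and hostname specs only (no bracketed IPv6 addresses or Unix sockets).

```shell
#!/bin/sh
# Added example: classify where an `ssh -L` forward will listen.
# Function names and output format are illustrative, not part of OpenSSH.

# is_port N: succeed if N is an integer in 1..65535.
is_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# classify_local_forward SPEC [GATEWAY]
#   SPEC    = [bind_address:]port:host:hostport
#   GATEWAY = 1 if -g is on the command line, else 0 (default)
# Prints "LISTEN:PORT -> HOST:HOSTPORT exposure=LEVEL"; returns 2 on bad input.
classify_local_forward() {
    spec=$1
    gateway=${2:-0}
    # The number of colons tells the 3-field and 4-field forms apart.
    colons=$(printf '%s' "$spec" | tr -cd ':')
    rest=$spec
    case $colons in
        '::')  has_bind=0; bind= ;;
        ':::') has_bind=1; bind=${spec%%:*}; rest=${spec#*:} ;;
        *)     echo "unsupported forward spec: $spec" >&2; return 2 ;;
    esac
    port=${rest%%:*}; rest=${rest#*:}
    host=${rest%%:*}; hostport=${rest#*:}
    if ! is_port "$port" || ! is_port "$hostport" || [ -z "$host" ]; then
        echo "invalid forward spec: $spec" >&2; return 2
    fi
    if [ "$has_bind" -eq 0 ]; then
        # No bind_address: loopback unless -g asks for all interfaces.
        if [ "$gateway" -eq 1 ]; then bind='*'; else bind=localhost; fi
    fi
    case $bind in
        ''|'*'|0.0.0.0)  bind='*'; exposure=all-interfaces ;;
        localhost|127.*) exposure=loopback ;;
        *)               exposure=single-address ;;
    esac
    printf '%s:%s -> %s:%s exposure=%s\n' \
        "$bind" "$port" "$host" "$hostport" "$exposure"
}

# Constructed inputs based on the page's -L example.
classify_local_forward 8000:192.168.1.123:80      # plain -L
classify_local_forward 8000:192.168.1.123:80 1    # same forward with -g
classify_local_forward :8000:192.168.1.123:80     # empty bind_address
```

Any result other than exposure=loopback means the forwarded service is reachable by whoever can reach that interface, so the local firewall becomes the only remaining control.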
If you're looking to access webpages through an SSH proxy, you may find that the -L option is a bit too limiting, since you need to specify each individual web server that you're forwarding and give each one its own local port.
If your remote network contains an HTTP proxy like Squid or Apache's mod_proxy, then you may choose to forward the port of that proxy server. If you don't have one available, then consider using OpenSSH's built-in SOCKS proxy functionality.
Enabling the SOCKS proxy is trivial. Just specify -D 8000, where 8000 is the local port that you want to configure the clients to use. Then just configure your client to use that port as a SOCKS proxy. For some clients, you'll need to explicitly tell them to use remote DNS if you're connecting to resources which are not remotely resolvable.
The following screenshot will show you how to configure this in a modern version of Firefox. The actual configuration of a SOCKS proxy will vary based...
OpenVPN is a full SSL VPN solution that allows you to connect two networks at layer 2 or 3 via a TCP or UDP tunnel. It is available at https://openvpn.net/ or via your distribution's package repositories.
OpenVPN offers a number of options for authentication. We're going to set up a simple configuration, which will get you up and running. From there, there are multiple options, which you may want to consider for your needs.
Install OpenVPN on the server with sudo apt-get install openvpn for Debian derivatives like Ubuntu, or sudo yum install openvpn.
Generate a static key:
openvpn --genkey --secret /etc/openvpn/static.key
Set up the server configuration. You can see examples in /usr/share/doc/openvpn/examples/sample-config-files. For our purpose, we'll start with the following:
proto udp
user nobody
secret /etc/openvpn/static.key
ifconfig 10.8.0.1 10.8.0.2
comp-lzo
verb 3
Create a client configuration file:
remote wanaddress
proto udp
dev tun
secret /path/to/static.key...