Can I access my home Linux machines from Work?

I have three Linux machines at home, those 3 are connected to
Router/4-port-Switch and Router's WAN port is connected to Cable Modem,
I have broadband access through Cable modem. All 3 are always up and
running, how can I access from work?. Can some expert write me what are
the steps involved?. Thanks in advance.

In comp.os.linux.networking (E-Mail Removed):
> I have three Linux machines at home, those 3 are connected to
> Router/4-port-Switch and Router's WAN port is connected to Cable Modem,
> I have broadband access through Cable modem. All 3 are always up and
> running, how can I access from work?. Can some expert write me what are
> the steps involved?. Thanks in advance.

Make sure sshd runs on those boxes, should be per default and you
can login from your other systems.

Configure your Router/4-port-Switch to forward port 22 (ssh) to
one of the systems, so you can log on to one and jump from there
to the others. Check your router manual hoe to go about it. Make
sure you only open the port to "secure" LANs the ones you are
logging in from or/and configure to allow key login only, deny
direct remote root login (man sshd_config), you can use 'su -' if
you need to become root.

Good luck
--
Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
mail: echo (E-Mail Removed) | perl -pe 'y/a-z/n-za-m/'
#bofh excuse 410: Electrical conduits in machine room are
melting.

Michael Heiming wrote:

> In comp.os.linux.networking (E-Mail Removed):
>> I have three Linux machines at home, those 3 are connected to
>> Router/4-port-Switch and Router's WAN port is connected to Cable Modem,
>> I have broadband access through Cable modem. All 3 are always up and
>> running, how can I access from work?. Can some expert write me what are
>> the steps involved?. Thanks in advance.
>
> Make sure sshd runs on those boxes, should be per default and you
> can login from your other systems.
>
> Configure your Router/4-port-Switch to forward port 22 (ssh) to
> one of the systems, so you can log on to one and jump from there
> to the others. Check your router manual hoe to go about it. Make
> sure you only open the port to "secure" LANs the ones you are
> logging in from or/and configure to allow key login only, deny
> direct remote root login (man sshd_config), you can use 'su -' if
> you need to become root.
>
> Good luck


What if you are on SBC-Yahoo DSL with PPPoE and your IP address gets changed
from time to time?

Al

In comp.os.linux.networking Al. C <(E-Mail Removed)>:
[..]

> What if you are on SBC-Yahoo DSL with PPPoE and your IP address gets changed
> from time to time?

--> google
--> dyndns

--
Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
mail: echo (E-Mail Removed) | perl -pe 'y/a-z/n-za-m/'
#bofh excuse 125: we just switched to Sprint.

(E-Mail Removed) wrote:

> I have three Linux machines at home, those 3 are connected to
> Router/4-port-Switch and Router's WAN port is connected to Cable Modem,
> I have broadband access through Cable modem. All 3 are always up and
> running, how can I access from work?. Can some expert write me what are
> the steps involved?. Thanks in advance.

You can use a VPN (Virual Private Network), provided you can get beyond your
employers firewall. However, many employers take a dim view of this.

(E-Mail Removed) wrote:

> I have three Linux machines at home, those 3 are connected to
> Router/4-port-Switch and Router's WAN port is connected to Cable Modem,
> I have broadband access through Cable modem. All 3 are always up and
> running, how can I access from work?. Can some expert write me what are
> the steps involved?. Thanks in advance.

Simple way to test it is to download something like the Mepis or Knoppix
LiveCD, boot up one of the machines, and leave it running so that
you can log into it from work.
http://www.frozentech.com/content/livecd.php

In Mepis at least, you can run System->Desktop sharing,
then configure and allow uninvited connections, set
it for allow uninvited connections to cotrol desktop,
and don't set the confirm. Also set a good long password.

You can test at home by running
Internet->More applications->Remote Desktop Connection
Type in ipaddress:3030 and you should get in.
The connection type should be Medium Quality (for DSL etc)
even though you are on your own LAN.

If thats working, then you can first obtain ip address of
your PC. Open a console and enter ifconfig (shown as inet address).

(If it doesn't work, try other distros - but usually the problem is down
to any firewall software such as guarddog running in the PC.)

Now log into your router and map
port 3030 in the router to ipaddress:3030 of your computer.

Also look in the router's configuration to see what IP address
the ISP has given you.

With that ip address, providing it doesn't change
when you reach work, you should be able to log into the PC from work
with by running up Remote desktop from work and doing
internet_address:3030 all over again.
You can take the Mepis CD to work and boot up
one of the PCs there to do that if they don't have linux.

Michael Heiming wrote:
> [Lots of good advice on setting up for remote ssh access]
I would add
- use iptables to deny logins so you can silently drop unwanted connect
attempts. That way they don't know you are there & can't exploit any
holes that might turn up in ssh. If you can do this at your router, do
it there also.
- make sure sshd is up to date.
- I turn SSH V1 off because there were a couple of holes found in it
around the time I started doing this, but maybe I'm paranoid.

You should examine all the options in /etc/sshd_config that control
access and make sure you know what they do and what are the potential
consequences of turning each feature on.

7 <(E-Mail Removed)> writes:

>(E-Mail Removed) wrote:

>> I have three Linux machines at home, those 3 are connected to
>> Router/4-port-Switch and Router's WAN port is connected to Cable Modem,
>> I have broadband access through Cable modem. All 3 are always up and
>> running, how can I access from work?. Can some expert write me what are
>> the steps involved?. Thanks in advance.

The question is whetehr you are given an actual routable IP address or not.
If you are not, then it is impossible. Then it depends on how your router
works and whether you can set it up to do tunnelling, since it almost
certainly assignes non-routable addresses to your machines. If it can do
tunnelling you must set it up to do so.
If your isp gives you real IP addresses you must then tell your remote
machine what that IP address is. If it is a static address (unlikely) your
ISP will have given you a hostname. If not then again you cannot know your
ip address without your home machine telling your remote machine what its
address is.

On my system I have my home system write to a file (using ssh) on my work
system every 5 min giving its IP address. Then I have a script on my work
system which grabs that IP address and writes it to /etc/hosts.

To connect to my home system I go through my work system from an arbitrary
site.

>Simple way to test it is to download something like the Mepis or Knoppix
>LiveCD, boot up one of the machines, and leave it running so that
>you can log into it from work.
>http://www.frozentech.com/content/livecd.php

>In Mepis at least, you can run System->Desktop sharing,
>then configure and allow uninvited connections, set
>it for allow uninvited connections to cotrol desktop,
>and don't set the confirm. Also set a good long password.

>You can test at home by running
>Internet->More applications->Remote Desktop Connection
>Type in ipaddress:3030 and you should get in.
>The connection type should be Medium Quality (for DSL etc)
>even though you are on your own LAN.

>If thats working, then you can first obtain ip address of
>your PC. Open a console and enter ifconfig (shown as inet address).

>(If it doesn't work, try other distros - but usually the problem is down
>to any firewall software such as guarddog running in the PC.)

>Now log into your router and map
>port 3030 in the router to ipaddress:3030 of your computer.

>Also look in the router's configuration to see what IP address
>the ISP has given you.

>With that ip address, providing it doesn't change
>when you reach work, you should be able to log into the PC from work
>with by running up Remote desktop from work and doing
>internet_address:3030 all over again.
>You can take the Mepis CD to work and boot up
>one of the PCs there to do that if they don't have linux.

> What if you are on SBC-Yahoo DSL with PPPoE and your IP address gets
changed
> from time to time?
>

A simple way is to just use www.whatismyip.com, and mail the output to a
web-based email account periodically via cron. I have a yahoo agent that
moves it to the delete folder, but it stays there for about a day in case I
need it.

Buck Turgidson wrote:

>
>> What if you are on SBC-Yahoo DSL with PPPoE and your IP address gets
> changed
>> from time to time?
>>
>
> A simple way is to just use www.whatismyip.com, and mail the output to a
> web-based email account periodically via cron. I have a yahoo agent that
> moves it to the delete folder, but it stays there for about a day in case
> I need it.

And how would he use that, if he's trying to find his home address, from
work?