09-29-2009
Securing remote connections
Hi all,
I have a couple of questions; I've been searching on the internet but I didn't find a suitable solution. The aim is that I'd like to access my home Linux box (Ubuntu 8.04) from outside. I have already achieved this with ssh, but I'd like to secure it as much as I can. These are the questions:
- The account I use to log in is a sudoer user. So I want to connect with an unprivileged user and then, only if I need to, reconnect with that user inside my Linux box. I'd like to disable that account (root is always disabled) from remote connections. How can I do that? Or where can I find some information on disabling that account from remote connections?
- One of the places I'd like to connect from is the office, which has a proxy to connect to computers outside the LAN. Almost all ports are disabled. I'd like to know a way to find out which ports are open, so I can open the right one at home (a port that is also open in the office proxy). I thought of using "nmap" or "nc" against my own Linux box, but it also has almost all ports closed. So the connection is not possible unless I open all ports in my router, which is quite dangerous. Using nc or nmap I won't be able to know if a 'connection refused' is because my router has a certain port closed or because the port in the office proxy is closed.
For example, I opened port 443 in my router, which redirects to port 22 on my Linux box. I used this port because I guessed the HTTPS port was available in the office proxy. I was right. However, this port is heavily used and I don't like leaving that port open at home.
Because of my English, I don't know if my explanation is good enough, sorry.
Any help will be very appreciated.
Thanks
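As an added example (not from the original thread), the following POSIX shell script shows one way to handle the first question: allow SSH logins only for an unprivileged account and deny the sudoer account over SSH, by setting OpenSSH sshd_config directives idempotently. It assumes hypothetical account names "remoteuser" and "admin" and operates on a constructed sample config rather than the real /etc/ssh/sshd_config.

```shell
#!/bin/sh
# Added example, not code from the original thread. Restricts which accounts
# may log in over SSH so the sudoer account is only reachable after a local
# hop (su/sudo) from the unprivileged account.
# Assumed (hypothetical) names: unprivileged user "remoteuser", sudoer "admin".
# PermitRootLogin, PasswordAuthentication, AllowUsers and DenyUsers are real
# OpenSSH sshd_config directives.

# set_directive FILE KEY VALUE: remove every active or commented-out line for
# KEY and append exactly one "KEY VALUE" line, so repeated runs are idempotent.
set_directive() {
    file=$1; key=$2; value=$3
    tmp="$file.tmp"
    grep -v -E "^[[:space:]]*#?[[:space:]]*$key([[:space:]]|$)" "$file" > "$tmp"
    printf '%s %s\n' "$key" "$value" >> "$tmp"
    mv "$tmp" "$file"
}

harden_sshd_config() {
    file=$1
    set_directive "$file" PermitRootLogin no          # root never over SSH
    set_directive "$file" PasswordAuthentication no   # keys only, no guessing
    set_directive "$file" AllowUsers remoteuser       # whitelist the low-priv account
    # DenyUsers is evaluated before AllowUsers; AllowUsers alone already excludes
    # admin, the explicit deny just documents the intent.
    set_directive "$file" DenyUsers admin
}

# count_active FILE KEY: number of active (uncommented) lines for KEY.
count_active() {
    grep -c -E "^[[:space:]]*$2([[:space:]]|$)" "$1" || true
}

# Constructed sample config standing in for /etc/ssh/sshd_config.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
Port 22
#PermitRootLogin yes
PasswordAuthentication yes
X11Forwarding no
EOF

harden_sshd_config "$SAMPLE"
cat "$SAMPLE"
```

When applying this to the real file, check it with `sshd -t` and keep the current session open while reloading sshd, so a typo cannot lock you out.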
REDIR(1) General Commands Manual REDIR(1)
NAME
redir - redirect tcp connections
SYNOPSIS
redir [--laddr=incoming.ip.address] [--caddr=host] [--debug] [--syslog] [--name=str] [--timeout=n] [--bind_addr=my.other.ip.address] [--ftp=type] [--transproxy] [--connect=host:port] --lport=port --cport=port [--bufsize=n] [--max_bandwidth=n] [--random_wait=n] [--wait_in_out=n]
redir --inetd [--caddr=host] [--debug] [--syslog] [--name=str] [--timeout=n] [--ftp=type] [--transproxy] [--connect=host:port] --cport=port [--bufsize=n] [--max_bandwidth=n] [--random_wait=n] [--wait_in_out=n]
DESCRIPTION
Redir redirects tcp connections coming in to a local port to a specified address/port combination.
It may be run either from inetd or as a standalone daemon. Depending on how redir was compiled, not all options may be available.
OPTIONS
--lport
Specifies port to listen for connections on (when not running from inetd)
--laddr
IP address to bind to when listening for connections (when not running from inetd)
--cport
Specifies port to connect to.
--caddr
Specifies remote host to connect to. (localhost if omitted)
--inetd
Run as a process started from inetd, with the connection passed as stdin and stdout on startup.
--debug
Write debug output to stderr or syslog.
--name
Specify program name to be used for TCP wrapper checks and syslog logging.
--timeout
Timeout and close the connection after n seconds of inactivity.
--syslog
Log information to syslog.
--bind_addr
Forces redir to pick a specific address/interface to bind to when it listens for incoming connections.
--ftp
When using redir for an FTP server, this will cause redir to also redirect ftp connections. Type should be specified as either "port", "pasv", or "both", to specify what type of FTP connection to handle. Note that --transproxy often makes one or the other (generally port) undesirable.
--transproxy
On a linux system with transparent proxying enabled, causes redir to make connections appear as if they had come from their true origin. (see /usr/share/doc/redir/transproxy.txt)
--connect
Redirects connections through an HTTP proxy which supports the CONNECT command. Specify the address and port of the proxy using --caddr and --cport. --connect requires the hostname and port which the HTTP proxy will be asked to connect to.
--bufsize n
Set the buffer size (default 4096) in bytes. Can be used combined with --max_bandwidth or --random_wait to simulate a slow connection.
--max_bandwidth n
Reduce the bandwidth to be no more than n bits/sec. The algorithm is basic; the goal is to simulate a slow connection, so there is no allowance for peaks.
--random_wait n
Wait between 0 and 2 x n milliseconds before each "packet". A "packet" is a block of data read by redir in a single read. A "packet" size is always less than the bufsize (see also --bufsize).
--wait_in_out n
Apply --max_bandwidth and --random_wait for input if n=1, output if n=2 and both if n=3.
SEE ALSO
inetd(1)
local REDIR(1)