
#1 2009-05-06 07:50:52

ftornell
Member
Registered: 2008-08-18
Posts: 277
Website

Secured server with SSH and VPN?

Hi,
Have an Archbox at home and when I'm traveling I would like to connect to my Archlinux box at home to grab files and such things.

Using ADSL with a static IP and a D-Link router.

If I create a port forwarding rule for port 443 to my Archlinux box and use it to connect with SSH and VPN, is that secure enough?
I have family photos and stuff on the server that I don't want to be hacked or spread. Not a high target for hackers but for script kiddies! :)

So, will a port forwarding rule and the use of an SSH daemon and VPN server software make me secure all the way? The VPN and SSH are encrypted, right?

Any suggestions of a good VPN application?
Server daemon for the "archserver" and clients for my laptop with dual boot, Vista and Archlinux.


[ logicspot.NET | mempad.org ]
Archlinux x64


#2 2009-05-06 08:19:55

bender02
Member
From: UK
Registered: 2007-02-04
Posts: 1,328

Re: Secured server with SSH and VPN?

IMO ssh is secure enough, especially if you use an RSA or DSA keypair to authenticate and disable the usual password logins. Moreover, there are plenty of utilities that can block script kiddies' lame attempts to get into ssh (i.e. that block an IP for a specified time when there are a couple of unsuccessful attempts to log in).

EDIT: some links:
ssh auth: http://www.ibm.com/developerworks/linux … -keyc.html
brute force blockers: in AUR/community: http://aur.archlinux.org/packages.php?O … _Search=Go
pure iptables rule: http://kevin.vanzonneveld.net/techblog/ … _iptables/

Last edited by bender02 (2009-05-06 08:25:58)
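
The blocking behaviour described in the post above (ban an IP for a set time after a few failed logins), sketched as an added example that is not part of the thread and not the code of any of the linked tools. The log lines are constructed, and the function name `scan`, the thresholds and the year are assumptions; a real blocker would insert a firewall rule where this one only records the decision.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd log lines (documentation IP ranges, not real data).
SAMPLE_LOG = """\
May  6 08:20:01 archserver sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
May  6 08:20:03 archserver sshd[2213]: Failed password for root from 203.0.113.7 port 51240 ssh2
May  6 08:20:05 archserver sshd[2215]: Failed password for invalid user test from 203.0.113.7 port 51251 ssh2
May  6 08:20:30 archserver sshd[2220]: Accepted publickey for alice from 198.51.100.20 port 40022 ssh2
May  6 08:21:00 archserver sshd[2231]: Failed password for alice from 198.51.100.20 port 40100 ssh2
May  6 08:25:00 archserver sshd[2240]: Failed password for root from 203.0.113.7 port 51300 ssh2
May  6 08:40:10 archserver sshd[2301]: Failed password for root from 203.0.113.7 port 51999 ssh2
"""

FAILED = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

def scan(lines, max_fails=3, window=timedelta(minutes=2),
         ban=timedelta(minutes=10), year=2009):
    """Replay sshd log lines and return (time, ip, action) ban decisions."""
    recent = defaultdict(deque)   # ip -> timestamps of failures inside the window
    banned_until = {}             # ip -> time the current ban expires
    events = []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and other messages are ignored
        stamp = " ".join(m.group(1).split())   # syslog pads single-digit days
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if banned_until.get(ip, when) > when:
            events.append((when, ip, "dropped"))   # a firewall rule would stop this
            continue
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:   # forget failures older than the window
            q.popleft()
        if len(q) >= max_fails:
            banned_until[ip] = when + ban
            q.clear()
            events.append((when, ip, "banned"))
    return events

if __name__ == "__main__":
    for when, ip, action in scan(SAMPLE_LOG.splitlines()):
        print(when, ip, action)
```

The single mistyped password from 198.51.100.20 stays under the threshold, and the last attempt from 203.0.113.7 arrives after the ban has expired, so it starts a fresh count.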


#3 2009-05-06 08:30:09

fukawi2
Ex-Administratorino
From: .vic.au
Registered: 2007-09-28
Posts: 6,217
Website

Re: Secured server with SSH and VPN?

If you just want to access the one computer, SSH will be fine. I'd be surprised if you saw any script kiddies attempting SSH on a non-standard port like 443.

To access other computers on your home network, go for a VPN solution such as OpenVPN.

Last edited by fukawi2 (2009-05-06 08:30:36)


#4 2009-05-06 16:02:51

Hrod beraht
Member
Registered: 2008-09-30
Posts: 186

Re: Secured server with SSH and VPN?

For basic file grabbing, an easy and secure way is to just use SSHFS. That way you can just mount your home box to your mobile box and access everything through the secure connection as if it's a local directory.

Bob


#5 2009-05-06 17:07:16

JK3mp
Member
Registered: 2009-03-25
Posts: 105

Re: Secured server with SSH and VPN?

+1, doubtful anyone will make an attempt to ssh port 443; generally port 443 is for SSL purposes for port 80 (or webservers etc.). SSH should work just fine. (Unless you really think you're a high profile target, aka. work for NASA, DoD or some security firm (in which case you probably wouldn't have this question :P))


#6 2009-05-06 17:44:14

arch0r
Member
From: From the Chron-o-John
Registered: 2008-05-13
Posts: 597

Re: Secured server with SSH and VPN?

You can also take a look at knockd, which is used to "harden" a server.


#7 2009-05-08 12:48:22

Kenni
Member
From: Denmark
Registered: 2007-01-25
Posts: 64

Re: Secured server with SSH and VPN?

Yeah, SSH or OpenVPN should be perfectly fine.

However, why port 443? If someone is scanning a large range of IP-addresses for commonly open ports to find active servers, they will most likely scan port 21, 22, 25, 80, 110, 443, etc. as these ports usually run the most interesting services.

Since it has no impact on the usability, choose a high port, between 10000-65000, which is not commonly used. That way your system will not be identified as active by a simple portscan searching for active servers.

You don't have to be worried about attacks targeted directly against you; if you don't have anything interesting on your system, a cracker wouldn't spend time on manually breaking into your system. Just mask yourself from worms etc. by using uncommon ports. Using SSH or OpenVPN will handle encryption, which ensures data integrity, even when you're connected to an unencrypted hotspot somewhere in the world on your vacation :)

If you set up OpenVPN, you'll also have the possibility of routing all your Internet traffic through your home system, which can be very handy in terms of surfing and checking mail from unencrypted hotspots around the world.


#8 2009-05-08 12:58:05

fukawi2
Ex-Administratorino
From: .vic.au
Registered: 2007-09-28
Posts: 6,217
Website

Re: Secured server with SSH and VPN?

Kenni wrote:

However, why port 443?

It has its benefits -- for example when using an untrusted network with strong egress filtering, they may block everything except 80, 443 and 110, which is perfectly fine for most people on the network -- using a high port in this instance would be blocked, but 443 would still be allowed, and given that SSH is encrypted, at a casual glance it would look just like any other SSL traffic that the network admin would expect to see on port 443.


#9 2009-05-08 13:16:42

Kenni
Member
From: Denmark
Registered: 2007-01-25
Posts: 64

Re: Secured server with SSH and VPN?

fukawi2 wrote:

they may block everything except 80, 443 and 110 which is perfectly fine for most people on the network

Very good point, didn't think of this :)


#10 2009-05-08 16:07:20

`dannyb
Member
From: /dev/null & aka Minnesota
Registered: 2009-01-27
Posts: 34

Re: Secured server with SSH and VPN?

fukawi2 wrote:
Kenni wrote:

However, why port 443?

It has its benefits -- for example when using an untrusted network with strong egress filtering, they may block everything except 80, 443 and 110, which is perfectly fine for most people on the network -- using a high port in this instance would be blocked, but 443 would still be allowed, and given that SSH is encrypted, at a casual glance it would look just like any other SSL traffic that the network admin would expect to see on port 443.

Yea, my old school district used to filter traffic this way, which worked for me 'cause it was easy to bypass :)
