Hi,
Have an Archbox at home and when I'm traveling I would like to connect to my Archlinux box at home to grab files and such things.
Using ADSL with a static IP and a D-Link router.
If I create a port forwarding rule for port 443 to my Archlinux box and use it to connect with SSH and VPN, is that secure enough?
I have family photos and stuff on the server that I don't want to be hacked or spread. Not a high target for hackers but for script kiddies!
So, will a port forwarding rule and the use of an SSH daemon and VPN server software make me secure all the way? The VPN and SSH are encrypted, right?
Any suggestions of a good VPN application?
Server daemon for the "archserver" and clients for my laptop with dual boot, Vista and Archlinux.
[ logicspot.NET | mempad.org ]
Archlinux x64
Offline
IMO SSH is secure enough, especially if you use an RSA or DSA keypair to authenticate and disable the usual password logins. Moreover, there are plenty of utilities that can block script kiddies' lame attempts to get into SSH (i.e. that block an IP for a specified time when there are a couple of unsuccessful attempts to log in).
EDIT: some links:
ssh auth: http://www.ibm.com/developerworks/linux … -keyc.html
brute force blockers: in AUR/community: http://aur.archlinux.org/packages.php?O … _Search=Go
pure iptables rule: http://kevin.vanzonneveld.net/techblog/ … _iptables/
Last edited by bender02 (2009-05-06 08:25:58)
Offline
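One way to check that an sshd_config really matches the advice in the post above (key authentication on, password logins off, a non-default port), as an added example that is not part of the original thread. The sample configs are constructed, the function names are hypothetical, and the defaults are assumed from upstream OpenSSH.

```python
import re

# Defaults assumed from upstream OpenSSH sshd_config(5); a distribution may ship others.
DEFAULTS = {"passwordauthentication": "yes", "pubkeyauthentication": "yes",
            "kbdinteractiveauthentication": "yes"}
# Deprecated alias that older configs still use.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
# "Keyword value" or "Keyword=value"; comment and blank lines do not match.
LINE = re.compile(r"^(\w+)(?:\s*=\s*|\s+)(\S+)")

def effective_settings(config_text):
    """Return (global settings, ports) the way sshd reads them: the first
    value for a keyword wins, Port may repeat, and everything after the
    first Match line is conditional, so it is not a global setting."""
    settings, ports = {}, []
    for raw in config_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        key = m.group(1).lower()
        key = ALIASES.get(key, key)
        if key == "match":
            break
        if key == "port":
            ports.append(int(m.group(2)))
        else:
            settings.setdefault(key, m.group(2))
    return {**DEFAULTS, **settings}, ports or [22]

def audit(config_text):
    """List where the config falls short of key-only logins on a non-default port."""
    s, ports = effective_settings(config_text)
    findings = []
    if s["pubkeyauthentication"] != "yes":
        findings.append("public key authentication is disabled")
    if s["passwordauthentication"] != "no":
        findings.append("password logins are still enabled")
    if s["kbdinteractiveauthentication"] != "no":
        findings.append("keyboard-interactive (PAM password prompts) is still enabled")
    if 22 in ports:
        findings.append("listening on default port 22")
    return findings

# Constructed samples: WEAK only comments out the password setting, so the default applies.
WEAK = "Port 443\nPubkeyAuthentication yes\n#PasswordAuthentication no\n"
HARDENED = ("Port 443\nPubkeyAuthentication yes\nPasswordAuthentication no\n"
            "KbdInteractiveAuthentication no\n"
            "Match Address 192.168.0.0/16\n    PasswordAuthentication yes\n")

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg) or "no findings")
```

The audit reads only the text it is given and does not follow Include directives; on the server, `sshd -T` prints the configuration the daemon actually resolved.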
If you just want to access the one computer, SSH will be fine. I'd be surprised if you saw any script kiddies attempting SSH on a non-standard port like 443.
To access other computers on your home network, go for a VPN solution such as OpenVPN.
Last edited by fukawi2 (2009-05-06 08:30:36)
Are you familiar with our Forum Rules, and How To Ask Questions The Smart Way?
BlueHackers // fscanary // resticctl
Offline
For basic file grabbing, an easy and secure way is to just use SSHFS. That way you can just mount your home box to your mobile box and access everything through the secure connection as if it's a local directory.
Bob
Offline
+1, doubtful anyone will make an attempt to SSH port 443; generally port 443 is for SSL purposes for port 80 (or webservers etc.). SSH should work just fine. (Unless you really think you're a high-profile target, aka work for NASA, DoD or some security firm, in which case you wouldn't have this question, probably.)
Offline
You can also take a look at knockd, which is used to "harden" a server.
Offline
Yeah, SSH or OpenVPN should be perfectly fine.
However, why port 443? If someone is scanning a large range of IP-addresses for commonly open ports to find active servers, they will most likely scan port 21, 22, 25, 80, 110, 443, etc. as these ports usually run the most interesting services.
Since it has no impact on the usability, choose a high port, between 10000-65000, which is not commonly used. That way your system will not be identified as active by a simple portscan searching for active servers.
You don't have to be worried about attacks targeted directly against you; if you don't have anything interesting on your system, a cracker wouldn't spend time on manually breaking into your system. Just mask yourself from worms etc. by using uncommon ports. Using SSH or OpenVPN will handle encryption, which ensures data integrity, even when you're connected to an unencrypted hotspot somewhere in the world on your vacation.
If you set up OpenVPN, you'll also have the possibility of routing all your Internet traffic through your home system, which can be very handy in terms of surfing and checking mail from unencrypted hotspots around the world.
Offline
However, why port 443?
It has its benefits -- for example when using an untrusted network with strong egress filtering, they may block everything except 80, 443 and 110, which is perfectly fine for most people on the network -- using a high port in this instance would be blocked, but 443 would still be allowed, and given that SSH is encrypted, at a casual glance it would look just like any other SSL traffic that the network admin would expect to see on port 443.
Offline
they may block everything except 80, 443 and 110 which is perfectly fine for most people on the network
Very good point, didn't think of this.
Offline
Kenni wrote: However, why port 443?
It has its benefits -- for example when using an untrusted network with strong egress filtering, they may block everything except 80, 443 and 110, which is perfectly fine for most people on the network -- using a high port in this instance would be blocked, but 443 would still be allowed, and given that SSH is encrypted, at a casual glance it would look just like any other SSL traffic that the network admin would expect to see on port 443.
Yeah, my old school district used to filter traffic this way, which worked for me 'cause it was easy to bypass.
Offline