#1 2010-02-12 07:53:16

Xs1t0ry
Member
From: Canada
Registered: 2007-07-01
Posts: 181

Questions about DNS, SSH and /etc/hosts

I want to be able to ssh into my desktop from my laptop from anywhere. I've done the port forwarding and what not, but now I want to match the IP address of my desktop with a domain name so I can put that in /etc/hosts. I heard there are several free services for doing this. I plan on using bind for this. Will that be okay?

Moreover, once you make a domain name, why in /etc/hosts do we have

<static ip>  <hostname.domainname> <hostname>

What is the point of having a domain name if we already have the IP right there? Seems like unnecessary work. When you do 'ssh hostname', why can't ssh look in /etc/hosts, just look at the ip associated with that hostname and then ask the ip address directly?

Unrelated, but why in the ArchWiki beginner's guide does it suggest to add your hostname to the first line of /etc/hosts like this

127.0.0.1 localhost.localdomain.org localhost hostname

From what I know about /etc/hosts I don't see exactly what this line does.

Also, I don't have a static IP but if I leave my PC on all the time, my ISP won't change the IP address on me, right? I mean how could they. If I never disconnect and reconnect, I never need to grab a new IP address out of the pool of available ones, right? So basically if you never turn your PC off, would it basically be like 'static IP?' Most ISPs charge extra to have a static IP around here so I'd like to avoid that. Uptime is good anyways. If so, your internal ip address would be static as well, right? I need it to be static to make the port forwarding stick.

Also, is bind the best program for matching an IP address to a domain name? Are there other (better) free ones?
If I do use bind, I need to use LVM in order to modprobe capability. Does activating LVM on a fully configured system mess anything up? (I am just afraid because I have a lot of partitions and with different filesystems, too and I know LVM does something with partitions and filesystems and virtual mount points and stuff).

If I have any flaws in my idea of how this works, please point them out. It is as follows:

1. get ssh and choose a port to use
2. on your router, forward that port to the pc you want to ssh into by using its internal ip address
3. allow sshd connections on the pc
4. on my laptop, bind the ip address of my pc to a domain name using some dns service
5. add "<ip> <hostname.domainname> <hostname>" as a line in the laptop's /etc/hosts. This will match your hostname to the appropriate ip and so when you do "ssh hostname", ssh knows which ip to go to by looking at /etc/hosts, and from the ip knows which pc to go to since we forwarded a port at that ip address to a specific pc

i.e. ssh: laptop > hostname > domain name > ip address > port > pc

As for security, if in my pc that I ssh into, I put "sshd: ALL" in /etc/hosts is that fairly secure as long as I have a strong password, obscure port (like up in the high thousands) and disallow root access?

Also, what is the range of ports that ssh will accept? I heard it was 0-16000 from one person and 0-64000 from another.

Thanks!

Last edited by Xs1t0ry (2010-02-12 07:56:50)
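
The /etc/hosts lookup asked about in this post can be reproduced on a sample file. This is an added example, not part of the original posts; the names `laptop`, `desktop.example.org`, the address 203.0.113.10 and the functions `make_sample_hosts` and `hosts_lookup` are constructed for illustration.

```shell
#!/bin/sh
# Write a constructed hosts-format file (as it might look on the laptop)
# to a temporary path and print that path.
make_sample_hosts() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
# <ip>        <hostname.domainname>  <hostname>   (constructed sample)
127.0.0.1     localhost.localdomain localhost laptop
203.0.113.10  desktop.example.org desktop   # desktop's public address
EOF
    printf '%s\n' "$f"
}

# hosts_lookup FILE NAME
# Print the address on the first line of FILE whose canonical name or any
# alias equals NAME (compared case-insensitively). Returns 1 if nothing
# matches, which is the point where a real resolver would go on to ask DNS.
hosts_lookup() {
    awk -v want="$2" '
        BEGIN { want = tolower(want); rc = 1 }
        {
            sub(/#.*/, "")              # drop comments; fields are re-split
            for (i = 2; i <= NF; i++)   # field 1 is the address, the rest are names
                if (tolower($i) == want) { print $1; rc = 0; exit }
        }
        END { exit rc }
    ' "$1"
}

# Demo: the short alias and the full name both map straight to the address,
# and the machine's own hostname on the 127.0.0.1 line maps to loopback.
sample=$(make_sample_hosts)
for name in desktop DESKTOP.example.org laptop nosuchhost; do
    addr=$(hosts_lookup "$sample" "$name") || addr="(not in file)"
    printf '%-22s -> %s\n' "$name" "$addr"
done
rm -f "$sample"
```

On a live system, `getent hosts desktop` performs the same lookup through the system's configured resolver order.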

#2 2010-02-12 08:10:16

thestinger
Package Maintainer (PM)
From: Toronto, Canada
Registered: 2010-01-23
Posts: 478

Re: Questions about DNS, SSH and /etc/hosts

if you have a dynamic IP, it would likely be changed if you turned off/reset the modem or router (possibly the computer, but only if you use PPPoE/other to connect)

you'll probably end up with a new IP every now and then (depends on the ISP - Bell Canada seems to refresh it at least once a week)

on top of that, home modems/routers are notorious for rebooting themselves and lots of ISPs push modem firmware updates over the internet without your knowledge

#3 2010-02-12 08:38:53

Xs1t0ry
Member
From: Canada
Registered: 2007-07-01
Posts: 181

Re: Questions about DNS, SSH and /etc/hosts

So my IP could randomly change even while my pc is connected to the network?? That's weird; does that mean your computer sends out a signal to refresh the ip once every little while?

#4 2010-02-12 10:17:17

Sin.citadel
Member
Registered: 2008-01-22
Posts: 267

Re: Questions about DNS, SSH and /etc/hosts

Please correct me if I am wrong, but assuming that your laptop is on another network, and you need it to connect to your pc using ssh.

First, the External IP Address only changes if the connection is somehow dropped (e.g., ADSL signal became un-sync'ed) or closed. It doesn't change automatically on its own. If the modem was rebooted, whether by you or the ISP or whomever, only then will the IP change.

What you need is to sign up to a service which provides mapping of IP addresses to DNS names, notably www.no-ip.com, and then install its Linux client on your Arch box. The client automatically refreshes your IP Address with the no-ip servers, so even if your connection is dropped, you will still be able to connect.

For your laptop, don't change any settings in its /etc/hosts file, that's only relevant if you had a static ip address.

#5 2010-02-12 20:04:17

Xs1t0ry
Member
From: Canada
Registered: 2007-07-01
Posts: 181

Re: Questions about DNS, SSH and /etc/hosts

Thank you for the reply. I did a quick search here http://www.linux.com/archive/feed/55541 and it says "Sign up with a free service -- There are way too many of these companies to waste $10 a month on one service when identical service is free elsewhere." So I think I will try DynDNS. Unless there is a better solution?

Also, what is the highest port number you can use with ssh?

#6 2010-02-12 21:16:12

thestinger
Package Maintainer (PM)
From: Toronto, Canada
Registered: 2010-01-23
Posts: 478

Re: Questions about DNS, SSH and /etc/hosts

you should use a port below 1024 for something like ssh - but you could use any port you wanted if you didn't care about security

a port that isn't commonly used for anything is a good choice (less likely to be scanned, or used by another program, etc.)

#7 2010-02-12 21:32:22

AlexS
Member
From: Munich, Germany
Registered: 2009-05-16
Posts: 114

Re: Questions about DNS, SSH and /etc/hosts

Xs1t0ry wrote:

I think I will try DynDNS. Unless there is a better solution?

DynDNS + ddclient works nicely for me...:

#8 2010-02-12 22:28:22

jowilkin
Member
Registered: 2009-05-07
Posts: 243

Re: Questions about DNS, SSH and /etc/hosts

DynDNS works great for me also.  There are a few programs to update for you, I use ez-ipupdate, but ddclient also works.
