Remote linux administration

Whether you are using Linux on the desktop or as a server, it's still good that you're using Linux. Linux related questions go here.

Moderator: General Moderators

Post Reply
alex.barylski
DevNet Evangelist
Posts: 6267
Joined: Tue Dec 21, 2004 5:00 pm
Location: Winnipeg

Remote linux administration

Post by alex.barylski »

Can someone point me to some article on remote linux administration?

I have a desktop setup with Linux and apache running good :) Thank vodka and nickvd ;)

Now I need to get this computer into the basement ASAP but I haven't yet installed PHP/MySQL or others...

My desktop is running RH with KDE and I would like to use this desktop in my room to install and patch, update, etc my server in the basement...

Is this possible? What tools/articlesw would be of interest? Should I just get PHP/SQL installed before I move it down stairs???

Thanks a bunch
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

ssh.
alex.barylski
DevNet Evangelist
Posts: 6267
Joined: Tue Dec 21, 2004 5:00 pm
Location: Winnipeg

Post by alex.barylski »

Edit: turns out root login is disabled by default, not sure how to change that as it's only me that accesses these computers...but supposedly I can just su once logged in...thanks for the help

I figured that out...I started playing with HyperTerminal but despite being able to properly locate the computer when I entered my user/pass it choked. So I downloaded putty and tried with that and same thing. It find the server fine, gives me the same prompt I get locally when I boot up the computer, but when I enter my login/password it says login incorrect.

My thoughts are as follows:
1) You cannot login as root user
2) I somehow need to pass the host name in with login credentials (webhost@root & mypassword)

I haven't tried the first option yet (as in seting up another account) but I have tried the latter and nothing worked...

Do I need to setup an SSH server on the linux machine first?

Thanks
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

Do I need to setup an SSH server on the linux machine first?
Something's already telling your putty to display "login incorrect" -> it's almost certain there's already a ssh daemon running ;)
1) You cannot login as root user
log in as a "normal" user and then do a su.
less preferable: You can allow ssh logins for root in /etc/ssh/sshd_config, parameter PermitRootLogin.
User avatar
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Post by Chris Corbyn »

1. Don't allow root logins over SSH. Keep it like it is. Allowing root logins only increases your risk of being broken intoa and rooted.
2. `ssh user@host.tld' or `ssh -l user host.tld'
alex.barylski
DevNet Evangelist
Posts: 6267
Joined: Tue Dec 21, 2004 5:00 pm
Location: Winnipeg

Post by alex.barylski »

Hey vodka, got it all sorted out...you wouldn't happen to know how to enable remote root login would you?
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

volka wrote:less preferable: You can allow ssh logins for root in /etc/ssh/sshd_config, parameter PermitRootLogin.
But I agree with
d11wtq wrote:1. Don't allow root logins over SSH. Keep it like it is. Allowing root logins only increases your risk of being broken intoa and rooted.
2. `ssh user@host.tld' or `ssh -l user host.tld'
User avatar
ambivalent
Forum Contributor
Posts: 173
Joined: Thu Apr 14, 2005 8:58 pm
Location: Toronto, ON

Post by ambivalent »

Hockey wrote:Hey vodka, [...]
:?
nickvd
DevNet Resident
Posts: 1027
Joined: Thu Mar 10, 2005 5:27 pm
Location: Southern Ontario
Contact:

Post by nickvd »

I agree with feyd and volka... you NEVER want to allow root to login remotly.. Ever since I setup my webserver at home, i've been deluged with brute force attempts against ssh... Most of them are attempting to force root, but they are also trying random other common names.

Now I have prevented the flood from doing much damage using some iptables filters which limit the number of connections to 2 in a two minute span (it can get annoying, but it's worth it).

I'm also using a fairly strong root password, but if I allowed remote root logins, and they happen to brute force it, i'd be toast. Having it disabled will force any attackers to find another way in, and having only apache and ssh open to the outside, I would be pretty amazed if they could get in (aside from a vulnerable webscript of course).
User avatar
ibbo
Forum Commoner
Posts: 51
Joined: Tue Sep 19, 2006 6:20 am

Post by ibbo »

Edit /etc/ssh/sshd_config

find and change

PermitRootLogin no
to
PermitRootLogin yes

Its not advisable as already mentioned but you can get around been brute forced by changing the port from 22. You can also make some key pairs and login suppliing passwords etc.

Ibbo
User avatar
Jenk
DevNet Master
Posts: 3587
Joined: Mon Sep 19, 2005 6:24 am
Location: London

Post by Jenk »

Hockey, when using root on *nix you'll find you can't use root as a normal userid, a lot of the 'options' that are readily available for normal ID's will not be available. You will also find in a lot of companies now, that such practices are infact 'illegal' and all users must use sudo, for compliance with SarBox regulations.

Even when using root on your workstation, it is easier to use a normal id and then "su -" when you need root to perform an action. Sudo makes this even easier.
Post Reply