Page 1 of 1

Remote linux administration

Posted: Sun Sep 17, 2006 3:19 pm
by alex.barylski
Can someone point me to some article on remote linux administration?

I have a desktop setup with Linux and apache running good :) Thank vodka and nickvd ;)

Now I need to get this computer into the basement ASAP but I haven't yet installed PHP/MySQL or others...

My desktop is running RH with KDE and I would like to use this desktop in my room to install and patch, update, etc my server in the basement...

Is this possible? What tools/articlesw would be of interest? Should I just get PHP/SQL installed before I move it down stairs???

Thanks a bunch

Posted: Sun Sep 17, 2006 3:25 pm
by feyd
ssh.

Posted: Sun Sep 17, 2006 4:08 pm
by alex.barylski
Edit: turns out root login is disabled by default, not sure how to change that as it's only me that accesses these computers...but supposedly I can just su once logged in...thanks for the help

I figured that out...I started playing with HyperTerminal but despite being able to properly locate the computer when I entered my user/pass it choked. So I downloaded putty and tried with that and same thing. It find the server fine, gives me the same prompt I get locally when I boot up the computer, but when I enter my login/password it says login incorrect.

My thoughts are as follows:
1) You cannot login as root user
2) I somehow need to pass the host name in with login credentials (webhost@root & mypassword)

I haven't tried the first option yet (as in seting up another account) but I have tried the latter and nothing worked...

Do I need to setup an SSH server on the linux machine first?

Thanks

Posted: Sun Sep 17, 2006 4:46 pm
by volka
Do I need to setup an SSH server on the linux machine first?
Something's already telling your putty to display "login incorrect" -> it's almost certain there's already a ssh daemon running ;)
1) You cannot login as root user
log in as a "normal" user and then do a su.
less preferable: You can allow ssh logins for root in /etc/ssh/sshd_config, parameter PermitRootLogin.

Posted: Sun Sep 17, 2006 5:13 pm
by Chris Corbyn
1. Don't allow root logins over SSH. Keep it like it is. Allowing root logins only increases your risk of being broken intoa and rooted.
2. `ssh user@host.tld' or `ssh -l user host.tld'

Posted: Sun Sep 17, 2006 5:15 pm
by alex.barylski
Hey vodka, got it all sorted out...you wouldn't happen to know how to enable remote root login would you?

Posted: Sun Sep 17, 2006 5:31 pm
by volka
volka wrote:less preferable: You can allow ssh logins for root in /etc/ssh/sshd_config, parameter PermitRootLogin.
But I agree with
d11wtq wrote:1. Don't allow root logins over SSH. Keep it like it is. Allowing root logins only increases your risk of being broken intoa and rooted.
2. `ssh user@host.tld' or `ssh -l user host.tld'

Posted: Sun Sep 17, 2006 9:05 pm
by ambivalent
Hockey wrote:Hey vodka, [...]
:?

Posted: Sun Sep 17, 2006 9:16 pm
by nickvd
I agree with feyd and volka... you NEVER want to allow root to login remotly.. Ever since I setup my webserver at home, i've been deluged with brute force attempts against ssh... Most of them are attempting to force root, but they are also trying random other common names.

Now I have prevented the flood from doing much damage using some iptables filters which limit the number of connections to 2 in a two minute span (it can get annoying, but it's worth it).

I'm also using a fairly strong root password, but if I allowed remote root logins, and they happen to brute force it, i'd be toast. Having it disabled will force any attackers to find another way in, and having only apache and ssh open to the outside, I would be pretty amazed if they could get in (aside from a vulnerable webscript of course).

Posted: Tue Sep 19, 2006 7:27 am
by ibbo
Edit /etc/ssh/sshd_config

find and change

PermitRootLogin no
to
PermitRootLogin yes

Its not advisable as already mentioned but you can get around been brute forced by changing the port from 22. You can also make some key pairs and login suppliing passwords etc.

Ibbo

Posted: Tue Sep 19, 2006 7:54 am
by Jenk
Hockey, when using root on *nix you'll find you can't use root as a normal userid, a lot of the 'options' that are readily available for normal ID's will not be available. You will also find in a lot of companies now, that such practices are infact 'illegal' and all users must use sudo, for compliance with SarBox regulations.

Even when using root on your workstation, it is easier to use a normal id and then "su -" when you need root to perform an action. Sudo makes this even easier.