Submitted by rich_c on September 4, 2009 - 6:44am
I’ve been experimenting with remote access to one of my boxes recently. I think I’ve come up with a reasonably secure method of giving any particular remote user as much access as they could possibly need! Here’s how:
Install OpenSSH server and fail2ban and make sure they’re running & will restart on reboot.
Create a user specifically for remote use. Preferably nothing that might get brute-force attacked, like guest… I used an id with a combination of letters and numbers. The password is also definitely not in any dictionary. Edit sshd_config to allow only this user to log in using ssh.
If applicable, forward port 22 from your router to the target host. Give your remote user the router’s IP address (or the address you’re visible as from the internet) along with the user id and password.
The idea is that you can only get access remotely using one id. Once they have access, they can su to their local user id and carry on as normal. For example, the user on my system requiring remote access is in sudoers with his personal id. I certainly didn’t want to give the remote access user id that level of authority…
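The "allow only this user" step is normally done with the `AllowUsers` directive in sshd_config. The script below is an added example, not part of the original post: it checks that a config file's global `AllowUsers` setting names exactly one account. The user id `remote7x3k` and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the author's code. "remote7x3k" is a constructed user id.

# Print each user pattern from the global AllowUsers lines of an sshd_config.
# Keywords are case-insensitive and repeated AllowUsers lines accumulate;
# parsing stops at the first Match block, whose settings are conditional.
allowed_users() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "allowusers" { for (i = 2; i <= NF; i++) print $i }
    ' "$1"
}

# Succeed only if exactly one account is allowed and it is the expected one.
# A missing AllowUsers line fails the check: sshd would then accept any user.
only_user_allowed() {
    [ "$(allowed_users "$1")" = "$2" ]
}

# Constructed sample files for a stand-alone run.
demo_dir=$(mktemp -d)
cat > "$demo_dir/good" <<'EOF'
# constructed sample
Port 22
allowusers remote7x3k
EOF
cat > "$demo_dir/bad" <<'EOF'
Port 22
AllowUsers remote7x3k
AllowUsers guest
EOF
for f in good bad; do
    if only_user_allowed "$demo_dir/$f" remote7x3k; then
        echo "$f: only remote7x3k may log in over ssh"
    else
        echo "$f: AllowUsers is missing or lists other accounts:" $(allowed_users "$demo_dir/$f")
    fi
done
rm -rf "$demo_dir"
```

On a live host, running `sshd -T` as root prints the effective configuration, which is the authoritative thing to check after editing the file.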
