Author Topic: Best Way To Transfer Files To The Z Over A Network  (Read 87860 times)

Da_Blitz

« Reply #60 on: March 16, 2007, 06:53:09 am »
Quote
don't see anything related to accepting or dropping a request.

firewall?

Gemini Order: #95 (roughly)
Current Device: Samsung Chromebook Gen 3
Current Arm Devices Count: ~30
Looking to acquire: Cavium Thunder X2 Hardware

Capn_Fish

« Reply #61 on: March 16, 2007, 07:58:45 am »
Considering I haven't set up a firewall, I don't think so. It worked last time (same setup) without tweaking any firewall options.
SL-C750- pdaXrom beta 1 (mostly unused)
Current distro: Gentoo

Capn_Fish

« Reply #62 on: March 31, 2007, 07:32:26 pm »
Well, I just tried it again (after reflashing numerous times in between), and it worked. I also changed the location of the authorized_keys folder on the server to /root/.ssh/, so that may have helped.
SL-C750- pdaXrom beta 1 (mostly unused)
Current distro: Gentoo

desertrat

« Reply #63 on: March 31, 2007, 10:19:53 pm »
Quote
I also changed the location of the authorized_keys folder on the server to /root/.ssh/, so that may have helped.

If you are logging in as root on the server then yes I think it would have helped. May I ask where was it before you moved it?
SL-C3100 / Ambicon WL1100C-CF / pdaXrom 1.1.0beta3 / IceWM

Capn_Fish

« Reply #64 on: March 31, 2007, 10:24:32 pm »
Quote
Quote
I also changed the location of the authorized_keys folder on the server to /root/.ssh/, so that may have helped.
If you are logging in as root on the server then yes I think it would have helped. May I ask where was it before you moved it?

It was in my normal user's home dir (/home/USERNAME/.ssh/).
SL-C750- pdaXrom beta 1 (mostly unused)
Current distro: Gentoo

Da_Blitz

« Reply #65 on: March 31, 2007, 11:14:14 pm »
wait you weren't trying to ssh in as root@z with your authorised keys in your $HOME/.ssh/authorized_keys were you?

putting your key in the authorised keys file in your home dir only allows you to log in as that user

Gemini Order: #95 (roughly)
Current Device: Samsung Chromebook Gen 3
Current Arm Devices Count: ~30
Looking to acquire: Cavium Thunder X2 Hardware

Capn_Fish

« Reply #66 on: April 01, 2007, 10:11:44 am »
Quote
wait you weren't trying to ssh in as root@z with your authorised keys in your $HOME/.ssh/authorized_keys were you?

putting your key in the authorised keys file in your home dir only allows you to log in as that user

I guess I figured that out the hard way...
SL-C750- pdaXrom beta 1 (mostly unused)
Current distro: Gentoo

Da_Blitz

« Reply #67 on: April 01, 2007, 09:35:45 pm »
don't worry, I do that every second week when I log into a machine that I haven't uploaded my .ssh/config file to (and the usernames are different)

Gemini Order: #95 (roughly)
Current Device: Samsung Chromebook Gen 3
Current Arm Devices Count: ~30
Looking to acquire: Cavium Thunder X2 Hardware

Capn_Fish

« Reply #68 on: April 06, 2007, 11:12:31 pm »
Everything is working really well, but I now want more security, meaning I want to set up a firewall/port knocking on my server, starting with the firewall. Are there any good tutorials for this, or can somebody provide one?

Thanks.
SL-C750- pdaXrom beta 1 (mostly unused)
Current distro: Gentoo

speculatrix

« Reply #69 on: April 07, 2007, 04:35:51 am »
Quote
Everything is working really well, but I now want more security, meaning I want to set up a firewall/port knocking on my server, starting with the firewall. Are there any good tutorials for this, or can somebody provide one?

Thanks.

if possible use iptables to permit ssh only from IPs you trust all the time and use port knocking if you login from other places - see my website for port knocking.

general advice is to use 2048 bit ssh keys ("ssh-keygen -t rsa -b 2048"), ensure sshd_config on the machine doesn't allow root ("PermitRoot no" or something), disable plain text/interactive logins to force pre-shared keys only.

ensure .ssh directories and files therein have no group/other access.


cacko has stateful inspection modules too, so search the forum for iptables for useful scripts.
Gemini 4G/Wi-Fi owner, formerly zaurus C3100 and 860 owner; also owner of an HTC Doubleshot, a Zaurus-like phone.
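The checks from Reply #69, as an added example that is not part of the thread: a script that reports whether an sshd_config still allows root or password logins, and which files under a .ssh directory are accessible to group or other. PermitRootLogin and PasswordAuthentication are the real sshd_config directive names; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit the settings recommended above.
# Assumption: plain "Keyword value" lines; Match blocks and Include files are not followed.

# first_value FILE KEYWORD: sshd uses the first value it reads for a keyword,
# so print only the first uncommented occurrence (lowercased).
first_value() {
    awk -v k="$2" 'tolower($1) == tolower(k) { print tolower($2); exit }' "$1"
}

# audit_sshd_config FILE: print one line per setting that is not "no";
# exit status is 1 if anything was reported.
audit_sshd_config() {
    rc=0
    for key in PermitRootLogin PasswordAuthentication; do
        got=$(first_value "$1" "$key")
        if [ "$got" != "no" ]; then
            echo "WEAK: $key is '${got:-unset}', expected 'no'"
            rc=1
        fi
    done
    return "$rc"
}

# loose_ssh_files DIR: print directories and files under DIR whose mode grants
# anything to group or other (characters 5-10 of the ls mode string).
loose_ssh_files() {
    find "$1" \( -type d -o -type f \) -exec ls -ld {} \; |
        awk 'substr($1, 5, 6) != "------" { print $NF }'
}

# Constructed sample: a config that still allows passwords, and a world-readable key file.
demo=$(mktemp -d)
printf '%s\n' '#PermitRootLogin yes' 'PermitRootLogin no' \
    'PasswordAuthentication yes' > "$demo/sshd_config"
mkdir "$demo/.ssh" && chmod 700 "$demo/.ssh"
: > "$demo/.ssh/authorized_keys" && chmod 644 "$demo/.ssh/authorized_keys"

audit_sshd_config "$demo/sshd_config" || echo "sshd_config needs attention"
loose_ssh_files "$demo/.ssh"     # lists only authorized_keys; chmod 600 clears it
rm -rf "$demo"
```

On a real server, point the two functions at /etc/ssh/sshd_config and at the .ssh directory of the account you log in as.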

Capn_Fish

« Reply #70 on: April 07, 2007, 11:41:19 am »
Quote
Quote
Everything is working really well, but I now want more security, meaning I want to set up a firewall/port knocking on my server, starting with the firewall. Are there any good tutorials for this, or can somebody provide one?

Thanks.

if possible use iptables to permit ssh only from IPs you trust all the time and use port knocking if you login from other places - see my website for port knocking.

general advice is to use 2048 bit ssh keys ("ssh-keygen -t rsa -b 2048"), ensure sshd_config on the machine doesn't allow root ("PermitRoot no" or something), disable plain text/interactive logins to force pre-shared keys only.

ensure .ssh directories and files therein have no group/other access.


cacko has stateful inspection modules too, so search the forum for iptables for useful scripts.

I had ruled out the whole only accepting from certain ip addresses, as they change on me occasionally, but I CAN set static IP addresses.

And about the IPTables thing...I believe I need a total n00b guide, as I have NO clue how to use it. Do you know of any good guides? Or is it easy enough for you to just write one up here?

Thanks for your help.
SL-C750- pdaXrom beta 1 (mostly unused)
Current distro: Gentoo

speculatrix

« Reply #71 on: April 07, 2007, 05:51:50 pm »
Quote
And about the IPTables thing...I believe I need a total n00b guide, as I have NO clue how to use it. Do you know of any good guides? Or is it easy enough for you to just write one up here?

Thanks for your help.

well, there are many many tutorials and basic examples of firewall scripts using iptables, so I would say "JGI" or just google it.
Gemini 4G/Wi-Fi owner, formerly zaurus C3100 and 860 owner; also owner of an HTC Doubleshot, a Zaurus-like phone.

Capn_Fish

« Reply #72 on: April 07, 2007, 06:14:24 pm »
Quote
Quote
And about the IPTables thing...I believe I need a total n00b guide, as I have NO clue how to use it. Do you know of any good guides? Or is it easy enough for you to just write one up here?

Thanks for your help.

well, there are many many tutorials and basic examples of firewall scripts using iptables, so I would say "JGI" or just google it.

I've looked some, but they seem confusing. I'm truly a n00b in this area, so any pointers would be much appreciated.
SL-C750- pdaXrom beta 1 (mostly unused)
Current distro: Gentoo

desertrat

« Reply #73 on: April 08, 2007, 12:15:45 am »
Quote
I've looked some, but they seem confusing. I'm truly a n00b in this area, so any pointers would be much appreciated.

Shorewall is a very good, easy[1] to setup firewall builder. It has extensive, well written documents.
http://www.shorewall.net

[1] although the latest versions seem to be getting a bit more complicated because of all the new features being added.
SL-C3100 / Ambicon WL1100C-CF / pdaXrom 1.1.0beta3 / IceWM

speculatrix

« Reply #74 on: April 08, 2007, 02:57:59 pm »
the netfilter site, home to iptables, is pretty good.
the snag is there's so much documentation, it's knowing where to start, so try here:
http://www.netfilter.org/documentation/ind...mentation-howto

the main page of docs is here:
http://www.netfilter.org/documentation/ind...mentation-howto

just search the page for "English"!

The key thing with the filter is to stop inbound and forwarded traffic,  but you can allow IP packets related to existing connections; this is easy with TCP but for UDP the network stack needs to observe activity and remember its own "state"

thus the minimal firewall for the Zaurus would be

iptables -A FORWARD -j DROP
iptables -A OUTPUT -j ACCEPT
iptables -A INPUT  -m state --state established,related -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -j REJECT


this basically says we don't forward, we allow everything OUT, and we only allow existing connection and new ssh IN. The command "iptables -A" means append a rule, the FORWARD, OUTPUT and INPUT say to which filter we append, the rest is guessable.

HTH
Paul
« Last Edit: April 08, 2007, 03:12:18 pm by speculatrix »
Gemini 4G/Wi-Fi owner, formerly zaurus C3100 and 860 owner; also owner of an HTC Doubleshot, a Zaurus-like phone.
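An added example, not part of the thread, that goes one step beyond the minimal firewall in Reply #74: it prints the same policy in iptables-restore format, with the SSH rule limited to trusted source addresses (the advice from Reply #69) and a loopback rule so local services keep working. The function names are hypothetical and the addresses are constructed samples from the RFC 5737 documentation ranges.

```shell
#!/bin/sh
# Added example (not from the thread): print an iptables-restore ruleset that
# combines the minimal firewall above with a list of trusted SSH sources.

# valid_source ADDR: shape check only, a dotted quad with an optional /prefix
# (octet ranges are left for iptables itself to reject).
valid_source() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
}

# gen_ruleset ADDR...: write the ruleset to stdout. Every address is checked
# before anything is printed, so a typo never yields a partial ruleset.
# With no addresses, no SSH rule is emitted at all.
gen_ruleset() {
    for src in "$@"; do
        valid_source "$src" || { echo "bad source: $src" >&2; return 1; }
    done
    echo '*filter'
    echo ':INPUT DROP [0:0]'          # default policy for unmatched inbound
    echo ':FORWARD DROP [0:0]'        # we don't forward
    echo ':OUTPUT ACCEPT [0:0]'       # we allow everything out
    echo '-A INPUT -i lo -j ACCEPT'   # loopback, so local services still work
    echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    for src in "$@"; do
        echo "-A INPUT -s $src -p tcp --dport 22 -m state --state NEW -j ACCEPT"
    done
    echo '-A INPUT -j REJECT'         # as in the post: refuse the rest
    echo 'COMMIT'
}

# Constructed sample addresses (RFC 5737 documentation ranges).
gen_ruleset 192.0.2.10 198.51.100.0/24
```

Piping the output to `iptables-restore --test` as root parses the ruleset without loading it.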