How can I setup SSH so that it is restricted to my local network?
I'm trying to link my new laptop running 11.10 to my old laptop running 8.04 through my router using SSH.
This question is asked and answered on ubuntuforums here:
http://ubuntuforums.org/showthread.php?t=1648965
I thought it would be helpful to have a more definitive answer here.
Note: I needed to first install openssh-server on the laptop I was trying to connect to and open up the SSH port in my firewall using firestarter.
11.10 networking lan
edited Apr 1 '12 at 7:27
asked Mar 25 '12 at 18:08
klenwell
can you please tell us what is not "definitive" enough about slooow's answer on that thread? Otherwise your question seems too ambiguous.
– d_inevitable
Mar 25 '12 at 18:25
@d_inevitable For one, it's not the only answer and it's not otherwise indicated as the correct one. It's the one I would have chosen, but this is why I thought it'd be useful to migrate this question. It might also help to include general directions, or a helpful link, on configuring SSH between two local machines.
– klenwell
Mar 25 '12 at 18:43
2 Answers
You can restrict access to your ssh server in many ways.
IMO the most important is to use ssh keys and disable password authentication.
See the following wiki pages for details
https://help.ubuntu.com/community/SSH/OpenSSH/Keys
https://help.ubuntu.com/community/SSH/OpenSSH/Configuring#Disable_Password_Authentication
You can restrict access to a specific subnet in several ways. I will assume your ssh server is on subnet 192.168.0.0/16 with an IP address of 192.168.0.10, adjust accordingly ;)
Router
One line of defense is to use a router. Be sure to disable UPnP and do not allow port forwarding.
SSH configuration
You can set several options in /etc/ssh/sshd_config. One is the listen address. If you set a listen address on your subnet, a private IP address is not routable over the internet.
http://compnetworking.about.com/od/workingwithipaddresses/f/privateipaddr.htm
ListenAddress 192.168.0.10
You can also use AllowUsers
AllowUsers you@192.168.0.0/16
Somewhat related, you can also change the port
Port 1234
See http://manpages.ubuntu.com/manpages/precise/man5/sshd_config.5.html
TCP wrapper
As outlined on the forums post, you can use TCP Wrapper. TCP wrapper uses 2 files, /etc/hosts.allow and /etc/hosts.deny
Edit /etc/hosts.allow and add your subnet
sshd : 192.168.0.
Edit /etc/hosts.deny, and deny all
ALL : ALL
See also http://ubuntu-tutorials.com/2007/09/02/network-security-with-tcpwrappers-hostsallow-and-hostsdeny/
Firewall
Last you can firewall your server. You can use iptables, ufw, or gufw.
iptables
sudo iptables -I INPUT -p tcp --dport 22 -s 192.168.0.0/16 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 22 -j REJECT
Please do not use DROP in iptables, see http://www.chiark.greenend.org.uk/~peterb/network/drop-vs-reject
ufw
sudo ufw allow from 192.168.0.0/16 to any port 22
gufw has a graphical interface
See
https://help.ubuntu.com/community/UFW
https://help.ubuntu.com/community/IptablesHowTo
edited Mar 3 '14 at 16:45
answered Mar 25 '12 at 19:08
Panther
Some networks use 10.0.0.0 as IP address, in that case substitute 192.168.0.0/24 for 10.0.0.0/8 to allow for the range 10.0.0.0-10.255.255.255. If you want to allow a single IP only, use something like 192.168.1.2/32. A very verbose explanation can be found on How does Subnetting Work? (serverfault.com/q/49765/51929)
– Lekensteyn
Apr 1 '12 at 8:32
Please do not use DROP in iptables - See chiark.greenend.org.uk/~peterb/network/drop-vs-reject
– Panther
Mar 3 '14 at 16:46
That page does not mention spoofed IPs as a possible reason to use DROP over REJECT. This answer on Sec.SE explains why it is not really relevant though (the source packets are larger than the returned packets).
– Lekensteyn
Mar 3 '14 at 17:35
@Lekensteyn - I did not see a discussion for spoofed IP in that link. As you suggest, DDoS and spoofed IP are beyond this discussion and I am not convinced DROP is superior to REJECT for much of anything. DDoS are complex and without information on the cause of the DDoS it is impossible to defend. For example, I have seen WP used as a DDoS and solving the problem is in proper configuration of WP and little or nothing to do with iptables.
– Panther
Oct 5 '15 at 15:23
ListenAddress seems like the simplest and most elegant solution
– code_monk
Oct 6 '16 at 1:32
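The layers in the accepted answer above do not all describe the same range: the hosts.allow pattern 192.168.0. matches only addresses that begin with that string, while 192.168.0.0/16 in the iptables, ufw and AllowUsers lines covers 192.168.0.0-192.168.255.255. The script below is an added example, not code from the answer or its comments; it reports which sample clients each pattern admits and flags an SSH listener bound to a wildcard address. The function names, the sample clients and the ss -tln style listings are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original answer): compare the scope of the
# patterns used by each layer, and check where port 22 is listening.

# Print A.B.C.D as a 32-bit integer; return 1 if it is not a dotted quad.
ip_to_int() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac   # no leading zeros, at most 3 digits
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr ADDRESS NETWORK/BITS: 0 if inside, 1 if outside, 2 on bad input.
in_cidr() {
    addr=$(ip_to_int "$1") || return 2
    net=$(ip_to_int "${2%/*}") || return 2
    bits=${2#*/}
    case "$bits" in ''|*[!0-9]*) return 2 ;; esac
    [ "$bits" -le 32 ] || return 2
    if [ "$bits" -eq 0 ]; then
        mask=0
    else
        mask=$(( (4294967295 << (32 - $bits)) & 4294967295 ))
    fi
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# hosts.allow pattern ending in "." matches addresses starting with that string.
wrapper_prefix_match() {
    case "$2" in *.) ;; *) return 2 ;; esac
    case "$1" in
        "$2"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Read an "ss -tln" style listing on stdin and print every listener on the
# given port that is bound to a wildcard address (reachable on all interfaces).
# On a live server: ss -tln | wildcard_listeners 22
wildcard_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, part, ":")
            addr = substr($4, 1, length($4) - length(part[n]) - 1)
            if (part[n] == port && (addr == "0.0.0.0" || addr == "*" || addr == "[::]"))
                print $4
        }'
}

# Constructed listings: before and after setting ListenAddress 192.168.0.10.
SAMPLE_BEFORE='State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       128     127.0.0.1:631       0.0.0.0:*'
SAMPLE_AFTER='State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     192.168.0.10:22     0.0.0.0:*
LISTEN  0       128     127.0.0.1:631       0.0.0.0:*'

# Constructed clients: same /24 as the server, another /24 inside the /16,
# and an address outside the LAN (documentation range).
for client in 192.168.0.23 192.168.1.5 203.0.113.7; do
    cidr=no; wrapper=no
    in_cidr "$client" 192.168.0.0/16 && cidr=yes
    wrapper_prefix_match "$client" 192.168.0. && wrapper=yes
    echo "$client  192.168.0.0/16=$cidr  hosts.allow 192.168.0.=$wrapper"
done

for sample in "$SAMPLE_BEFORE" "$SAMPLE_AFTER"; do
    hits=$(printf '%s\n' "$sample" | wildcard_listeners 22)
    echo "wildcard listeners on port 22: ${hits:-none}"
done
```

A client such as 192.168.1.5 passes the /16 rules but is refused by the TCP wrapper entry, so choose one range and use it consistently in every layer.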
ssh (secure shell) is used to access and transfer data securely (uses an RSA_KEYS pair).
You can access data using ssh in two ways: 1. Command line 2. Using the file browser
Command line: For this you don't need to install anything. The first task is to log in to the other computer.
ssh other_computer_username@other_computer_ip
This command will ask for a password, which is the other computer's password (for the specific user name). You have just logged in to the other computer's shell. Think of this terminal as your own computer's shell terminal. You can do everything on the other computer through the shell that you can do on your own computer.
File browser: You need to install openssh-server
sudo apt-get install openssh-server
To log in, go to file->connectToServer
answered Mar 25 '12 at 18:43
shantanu
Command line directions were the first thing I tried. I was able to ping my other computer at its LAN IP. But when I try to SSH, it hangs. So I assume I have to configure my other computer to allow SSH access first.
– klenwell
Mar 25 '12 at 18:51
make sure that your router does not block 22 port or ssh
– shantanu
Mar 25 '12 at 19:42
thanks. I already knew everything you mentioned from experience, but it was a great ease to hear it simple and structured from someone else.
– lakesare
Jul 30 '15 at 14:39