Monday, January 26, 2009

Disable root ssh...

I've been wanting to run my own testing server. Finally, I set it up today. Signed up for an account at DynDNS.com. Set up some settings in my wifi router so it can update my dynamic IP regularly. After some configuration, that's it! It was like 10 mins of work. ssh works, tunneling works, sftp works.. nice!

But of course, having a server that lets people connect to it is quite dangerous, especially since it's on my home network. I was lucky enough to see Professor Raymond Chan online.. oh.. I'm not gonna miss the chance, right? So, I asked him the best way to set up iptables. So, I drop all incoming, except the ssh port. I'm gonna open port 80 so I can play with the apache server a bit. ^^ And on my router side, I set more security options. I may set up a VPN or something, just in case someone hacks into my server, so they can't access some of my Windows machines.

Then, I did some testing from different networks... from cdot machines, from my iPhone.. cool.. it worked! But connecting from the iPhone needs a trick. The trick is to make sure the iPhone has an IP first. It's kinda weird...

When I was testing the login, I almost forgot to test if I could ssh in as root.. oh.. yeah.. gotta disable it. A 30-second search on the net found how to disable root login. I would love to share it with anyone...

= First, make sure you have root privilege, you can either use "sudo" or "su -".. then...
vi /etc/ssh/sshd_config
= find the PermitRootLogin line.. remove "#" and change "yes" to "no" so it reads
PermitRootLogin no
= save and test!!

That's it!
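
The same edit as a script, added here as an example (not the author's code), going a little beyond the steps above: it also handles a config where the PermitRootLogin line is missing, and lists Match blocks that still allow root. The function names `disable_root_login` and `match_overrides` are hypothetical, and the sample config is constructed.

```shell
#!/bin/sh
# disable_root_login FILE: hypothetical helper (not an OpenSSH tool) that
# makes "PermitRootLogin no" the global setting in an sshd_config-style file.
disable_root_login() {
    cfg=$1
    tmp=$(mktemp) || return 1
    awk '
        { l = tolower($0) }   # sshd keywords are case-insensitive
        # Lines after a Match keyword apply only inside that block.
        l ~ /^[ \t]*match[ \t]/ { in_match = 1 }
        # Global PermitRootLogin line, commented out or active.
        !in_match && l ~ /^[ \t]*#?[ \t]*permitrootlogin[ \t]/ {
            # sshd keeps the first value it reads, so emit exactly one.
            if (!done) { line[++n] = "PermitRootLogin no"; done = 1 }
            next
        }
        { line[++n] = $0 }
        END {
            # No global line found: add it at the top, because a line
            # appended at the end could land inside a Match block.
            if (!done) print "PermitRootLogin no"
            for (i = 1; i <= n; i++) print line[i]
        }
    ' "$cfg" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Keep a backup; writing with cat preserves the file's owner and mode.
    cp -p "$cfg" "$cfg.bak" && cat "$tmp" > "$cfg" || { rm -f "$tmp"; return 1; }
    rm -f "$tmp"
}

# match_overrides FILE (hypothetical helper): list active Match-block lines
# that still allow root login for the connections the block matches.
match_overrides() {
    awk '
        { l = tolower($0) }
        l ~ /^[ \t]*match[ \t]/ { in_match = 1 }
        in_match && l ~ /^[ \t]*permitrootlogin[ \t]/ && $2 != "no" { print NR ": " $0 }
    ' "$1"
}

# Constructed sample config (not from the page) run through both helpers.
demo=$(mktemp)
printf '%s\n' '#PermitRootLogin yes' 'Port 22' \
    'Match Address 192.0.2.10' '    PermitRootLogin yes' > "$demo"
disable_root_login "$demo" && cat "$demo" && match_overrides "$demo"
rm -f "$demo" "$demo.bak"

# On the server, as root: disable_root_login /etc/ssh/sshd_config, then
# "sshd -t" (syntax check), "sshd -T | grep -i permitrootlogin" (effective
# value), reload sshd, and test a new login before closing this session.
```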

At this point, I'm not sure what I'll be testing on it.. Apache, of course.. I may set up a small Beowulf cluster if it's possible. I hope I'll be able to run a VM on this machine.. but this machine only has like a 700MHz AMD CPU with 512 ram.. it'd be really slow to run a VM.

Ideally, I should put this server in front of my home network. Set it up as a router with strong firewall protection, and put my home network behind it. I don't have a real plan for this yet... Let's see if I have time for it... ^^
