Ubuntu server - remote admin

A[L]C

A[L]C

A[L]C

Soldato
Joined
18 Oct 2002
Posts
7,508
Location
Maidenhead
Hi all,

I've just installed ubuntu server on my microserver and was wondering if there is any remote console software that I can use? Sort of like teamviewer is for windows

Thanks
 
Well I wouldn't ... but there are various things you can do to help mitigate like not running it on port 22 (or running on port 22 but doing things with port forwarding on your router so it doesn't appear externally on that port), using key based authentication rather than passwords or depending on what else you have then VPN in and then SSH through like normal ...
 
SSH exposed is a little risky, but you can do a lot to reduce the risk. Ubuntu has a nice little page on this https://help.ubuntu.com/community/SSH/OpenSSH/Configuring

Most important things (IMO) are 1. double check that it's not possible to log in as root (see PermitRootLogin), and 2. disable password authentication in favour of key-based.

If you are the only person using the server you can make yourself a 2048 bit key (or more) and practically guarantee that it's impossible for anyone else to get in. The only remaining risk being exploits in SSH etc., but they're out of your control.

If you want the desktop environment you can easily tunnel VNC over SSH.
 
lamboman said:
Technically you can do this however you want, but if you want to do it right: https://tools.ietf.org/html/rfc6335#section-6

Select a port from the Dynamic/Private/Ephermeral range. Set a port forward up from an external port between 49152 and 65535 to 22 of Ubuntu machine.
Click to expand...

This is always a matter of contention - if you're extremely paranoid then setting custom ports might be worthwhile, but disabling root login and password auth are *far* more valuable things to do from a security standpoint.

I've had a few port 22 SSH instances open to the world for years and given those precautions had no issues.

For me, remembering the damn port and typing -p 12345 on the end of every ssh or scp command is far more bother than it's worth.

Or, run an OpenVPN instance and expose that on port 443 - which is useful for getting through the more restrictive firewalls in some places and nobody seems to bother trying much against exposed tcp/443 for various reasons...
 
1 - Custom SSH Port
2 - Disable root login and use another somewhat random username (not necessarily characters, just not something like "admin").
3 - Firewall including bruteforce protection i.e: ConfigServer Security & Firewall

Done.
 
Or knockd is a clever option - I'd rate it above random ports as it is IP specific...

Still too much hassle in my opinion and key based auth on port 22 is perfectly sufficient, but it's an option...
 
bigredshark said:
For me, remembering the damn port and typing -p 12345 on the end of every ssh or scp command is far more bother than it's worth.
Click to expand...

This basically.

I subscribe to the "security through obscurity is no security at all" camp. Just keep it on port 22 with only key-based authentication and the chances of intrusion are practically zero.
 
Plenty O'Toole said:
1 - Custom SSH Port
2 - Disable root login and use another somewhat random username (not necessarily characters, just not something like "admin").
3 - Firewall including bruteforce protection i.e: ConfigServer Security & Firewall

Done.
Click to expand...

1. meh
2. create no root account, no password login at all. using keys
3. meh, fail2ban
 
You must log in or register to reply here.
Back
Top Bottom