Ubuntu Servers :: Set Up A VPN That Is Secure Using Public WiFi ?
Jul 19, 2010
I am going to be away semi permanently and want to create a VPN that will allow me to act as if my laptop was connected to my home network.
All I want is for the drives to be accessible so I can use them for primary access as if they are in the laptop.
Questions:
1. Can I set up a Linux VPN that is secure using public WiFi (or however I connect to the net) when I am on the road?
2. I will be using a desktop (32 bit) as the server, what version of Linux would be best for this?
3. If my server is linux and the server drives are NTFS will they be accessible using a windows machine? (I will be double booting the laptop)
4. I would like to set up a pass-code that is stored on the laptop so that only that machine can get access.
This can be up to 255 characters and encrypted so it would be very hard to break. Even I would not know what it is. (I would store it on a pen drive and be able to recover it from there.)
One more. I might want to add separate users that only have access to their one drive, not the server drive. Is that OK?
the only error message I can find comes from "dmesg|tail"all it shows is "no IPv6 router"any body know what is going on here or where where to look for more clues the next time I get around public wifi Oh the windoze washers and apple polishers don't seem to have any problems at all
I am just about to undergo a new peice of freelance work myself on Bind 9, but it has been ages since I have done this, this was on my own LAN with port 53? Blocked from outside, so mine is not public facing.
But this project is, what should I setup to make this truely secure, just to recap on my thoughts aswell, forward resolving is Domain -> IP is not it? Then Reverse is IP->Domain is not it?
I'm trying to find a secure way to backup files on my Prod Server to Backup Server. It must be automated, so I will need to run a command with cron which will login to Prod Server from Backup Server and backup data. 1. Do you think it would be secure enough to do this by creating an passwordless RSA private key on Backup Server and adding it's public key to authorized_hosts file on Prod Server? I can't think of a way to Automate this without having to enter any passwords without passwordless RSA key. Is there another. more secure way? 2. Should I create a special user for backup, which will only have read access to all files in the directory that I am backing up? If so, How can I run a check that this new backup user indeed has read access to ALL files in the folder that I intent to back up? How can I ensure the backup process will not skip files due to some permission problem? 3. I'm thinking of using rsnapshot tool, which uses rsync.
I have been trying to test the use of X window forwarding over SSH in a cafe. The Cafe's WiFi requires login via a web browser. Using Fedora 11 with Gnome on a Dell Latitude D600 laptop, the wireless works just fine. I am able to use a virtual terminal to ssh to my server at home. NX client/server works also. However, when I change to Run Level 3 on the Laptop in order to use X Window forwarding, wireless networking fails to function. Will wireless networking function at Run Level 3, and if so, how is that accomplished? Also, if I get Wireless to work at Run Level 3, will I be able to login to the free public wifi using Lynx or some other text browser, as I can with IE and Firefox?
I know this has been covered before, and I have searched for two hours with no success. Problem: When trying to connect to public wifi in coffee shops and fast food restaurants, I can connect to the networks fine, but Firefox will not display the page that requires input of a code or terms agreement.
I remember months ago reading something about using the ifup command somehow as a work around, but there must be an easier way.
I'm on Natty Narwhal and wanted to play with ssh but I can't seem to get ssh to work without having to specify a password. I've installed openssh-server. I've generated a public/private key pair:
ssh-keygen
I can see my id_rsa and id_rsa.pub and known_hosts.
am logged in as user pgroarke and simply trying to run ssh on the same box. Regardless of whether I specify either localhost or hostname I still get asked for a password:
ssh -i ~/.ssh/id_rsa.pub pgroarke@spock date pgroarke@spock's password: Here is the relevant contents of my /var/log/auth: Jun 18 16:21:37 spock sshd[30357]: last message repeated 2 times
In my house I have a small computer running ubuntu karmic that works as a server/media center.
I would like to have a folder (my ~/public folder) openly available to the entire world via anonymous ftp.
I have read somewhere that the defauld vsftpd config is basically this: no local user login, anon only and sharing a folder called /home/ftp, but I can't get this to work.
I would like to set up an ubuntu server to forward outside requests directed to different domains to different computers on my local network. The bind is I only have ONE public IP.
Here's an example of what I want to do.
- if a request is sent to www.first-domain.com, I want to forward it to a local server (say 192.168.0.10)
- if a request is sent to www.second-domain.com, I want to forward it to a local server (say 192.168.0.20) and so on...
I will need to forward these requests not only for web sites but for other services such as SSH, mail, RDP, VNC, etc etc PS Once it hits those local servers, I know how to use iptables to forward them as desired.
We have an Iomega StorCenter ix4-200d in our office. for past two days the shared public folder is not getting mounted. but it's working fine through the web interface i.e user can upload/download.that rules out the permissions problems.
I am providing the output of mount command:
t227@t227:/var/log$ sudo mount -t cifs --verbose //192.100.100.37/public /mnt/public/ -o username=shrey [sudo] password for t227: Password:
[Code]....
in fact i can't access any of the folder which I am having permissions to rw.but it's working fine through the web interface.
Basically I am trying to set up my own server so that I can ssh into it from anywhere. I am able to SSH into my server when I use the LAN IP of my server but I am not able to SSH into it if I use the public IP address. I have read many threads and in my opinion I've tried almost all of the common fixes suggested. One possibility may be that my ISP has blocked port 22. I have taken this into consideration and sent them an email and I'm presently waiting for a reply. However, I highly doubt that my ISP has restricted acess to port 22. I would really like to be able to SSH into my server from anywhere.
1). I installed openssh client/server using the following commands: Code: sudo apt-get install openssh-client sudo apt-get install openssh-client
2). I forwarded port 22 on my router. (see attachment for the settings)
3). I modified /etc/ssh/sshd_config such that my server has a static LAN address. contents of sshd_config file: Code: # Package generated configuration file # See the sshd_config(5) manpage for details # What ports, IPs and protocols we listen for Port 22 # Use these options to restrict which interfaces/protocols sshd will bind to ..... I then entered the command: Code: sudo /etc/init.d/ssh restart
4). I turned off the firewall using the command: Code: sudo ufw disable
5). Here is the output of the IP tables: Code: Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination
GPG error: [URL]... hardy-backports Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 40976EAF437D05B5 Tried this with no luck:
I'm trying to setup an open-source project, I have a couple of developers on the team but nobody has experience with Apache. I would like to setup a simple home server for Bugzilla on Ubuntu 10.04, so my question is, is there a server that comes secure out-of-the-box so that simply adding files to /htdocs would suffice?
I have setrup Ubuntu Enterprise Cloud on a single machine.
1) I am able to run the instances from store (karmic) On running the instance two ips are assigned (public and private) as 10.B.C.X and 172.19.1.2
2) I am able to connect to the instance (10.B.C.X) through ssh (using key)
3) However I am unable to access the instance outside the UEC (using public ip). When I try pinging, I get an error Request timed out or sometimes Destination host unreachable.
4) I have provided the following access using euca-authorize
Details below: 1) Hardware : Blade (64 bit) 2) Version : Ubuntu 9.10; Eucalyptus the one using apt-get install eucalyptus 3) Topology : Single physical system 4) Mode : Managed no-vlan
I resolved the issue, see post #4.I've installed gitosis on a home server running Kubuntu Maverick, but am unable to get the ssh public key to work. When I try to clone, I get a password prompt.I entered a password for the key file. Then I copied the resulting public key to the server's tmp directory:
i am working at a place that has 2 physical web servers yadayada1 and yadayada2 but only one public ip address i can use dyndns to register 2 dynamic domains on the same ip address how can i get yadayadayada1.dyndns.org to route to yadayada1 and yadayadayada2.dyndns.org to route to yadayada2 ?
I would like to set up a proxy server at home which i can use to access sites from work. I was thinking a web-page i log into and then a sort of use like a browser? like this for example, but where i can have a secure login
I installed AWSTATS on my LAMP 10.04 LTS and followed several tutorials URL...) but I can't secure the folder, either by an alias or by .htaccess. I tried both methods manually and by using Webmin.If you go to the URL www.mywebsite/awstats/awstats.pl it shows up, which is good, but this is the default installation site and anyone who knows awstats could possibly see my stats. The conf folder is /etc/awstats/, and I did an alias for that, then .htacess, but neither worked. With the .htaccess, I would get a password promt but the full stats page was visible behind the password promt, and if you clicked "Cancel" about 20 times or so the promt would go away and the full stats page would be visible.
The actual file that powers awstats is in /usr/share/lib/cgi-bin/awstats.pl, and I also tried an Alias and .htaccess seperately and neither worked.I restarted apache2 after each change and I've searched several forums, but I still can't figure this out.
I'm trying to write a p2p file sharing program using python's built-in libraries. Everything is going well. The only thing is that i'd like to be able to use openssl public and private keys so only a host with the public key could access/decrypt the filesharing. I've gotten these libraries (httplib, basehttpserver, ssl, os) to work using just a pem file containing both the public and private keys but no success with them seperately. Can someone point me in the right direction or offer an alternative? PS, the goal of the project is to create an anonymous, decentralized, secure file sharing program. I want to be able to upload this to sourceforge so everyone can use it, if that's any incentive
I just set up an VPS with ubuntu. I made a user1 and gave it ownership
Code: chown -R user1 /home/www
This user also have been given all the root privileges (I know it is not recommended!)
The problem is that each time I make new site, and user1 wants to upload (through ftp) files to /home/www/newsite I need to redo the the above command in order to be enable user1 to upload. Not only this, I need to rework permissions (744 for folders and 644 for files), otherwise the newsite throws permission errors message.
I installed OpenSSH via tasksel and am using Webmin for administration. I'd like to be able to SSH externally and want to setup the necessary public/private keys to use in FileZilla. In Webmin, under Servers > SSH Server I can click 'Host Keys' and see an RSA key. Is this the public or private key for my server? Do I need to copy this into a text file to import it into FileZilla on my remote PC (that I want to connect from)? Is that all that needs to be done (aside from opening the port on my router/firewall)? Or, is there an automated way to set this up via Webmin?
At the moment we have one SSH server with the private key being on a usb flash drive, and the public key being on the server in authorized_keys2. Now that three more servers are coming online, should we generate new keys, so we have muliple private and public keys (one pair for each server), or use the same two keys to access all the servers
I've been trying to share a folder with samba. This folder is the decrypted version of an encfs encrypted folder. Mounting the decrypted folder on the server is done automatically on login using gnome-encfs. Exposing the folder locally works like a charm. Now where I get stuck is trying to access the samba share from a client (even with smbclient on the server itself). I can see the share with smbclient -L:
I wan't whatever file/folder that ends up in the public folder to automaticly be open to whosoever access that folder. Right know I have to "chmod -R 777 file/folder.* "
I'm running Ubuntu Server 9.10 and I'm looking to setup an FTP server. I have SSH running beautifully and it's accessible from any computer whether it be inside the network or coming in from the internet (provided you have the administrator username and password ). I've tried Proftpd and vsftpd and have failed miserably so far. Which FTP server application do you think I should go with and how could I go about setting it up through my SSH connection?
My current setup is this: - Ubuntu Server 9.10 with Fixed IP of 192.168.1.100 - 500GB Hard Drive - SDA1 = 512MB ext2 /boot - SDA2 = 2GB swap - SDA3 = 20GB ext4 / - SDA5 = 438GB ext4 /home - One User (Username = administrator) - Full SSH Capabilities - IP Address to DNS provided by www.dyndns.org - WRT120N Router with Remote Access and Port 22 Open
I basically want to set up a secure FTP server that anyone on the internal network can access as well as anyone from the internet (as long as they have a username and password). I want to setup a username and password for each user so that they all have read/write access to the same folder in my /home partition (I'll call it FTPSHARE).
I am trying to remove the ability to login with password so, I follow the procedures I have found to generate a key, copy it on the server and after editing the sshd_conf file to set PasswordAuthentication to no, after I restart ssh, I find my self locked out of it....
how to setup a secure and reliable server, i have three ubuntu 10.10 servers a Dell PowerEdge 850,1850 and 2850 which has a Dell PowerVault 220s attached to it.The Dell PE850 Server Consists of:
Intel Pentium D 3.0GHz 4 GB RAM Eventually 2x250GB Sata Hard Drives
I would like to setup a reliable webserver, mail server, DNS and Dynamic DNS, DHCP, SQL, FTP, Samba (with Roaming Profiles), PXE Boot Server.I know how to setup most of the server modules, i would just like to know the best way to do it tho. I also want to no how to setup the secuity of the system correctly, and setup and partition up my hard disks to allow for the best reliabilty, even when a server crashes.I would like to now how to set these servers up from start to finish in a sence.
I am going to set up a file server on Ubuntu. I have searched a while, but can't seem to find a guide to what I want. The requirements specifications are the following:File server: possible to upload, change and download files.Linux (Ubuntu) clients, Windows clients if possible.Access restriction to deny access to other than registered users.Only the user should be able to read the content of the files.Ideally root should not be able to see the individual files, but in worst case it is ok for root to see the files.Root should not be able to open the files.Point 1-3 is easy to find out how to set up. But I can't seem to find a way to deny root to view the files. The only solution I can think of is to encrypt files or a whole folder, but I don't know how to set it up.
The setup is for a home network, but the server used as a file server will have a web server as well. If someone manages to get access to the server I don't want them to be able to read the files.
