SSH Login Lockdown



Currently I have my router (cheap POS AT&T U-verse router) set up for port forwarding to my unRAID server for remote SSH administration. While checking through the logs I have seen about 20 attempts to log into root through SSH from random IP addresses. I have a static set of locations that I will ever do remote administration from, and I know each location's exit IP. My question is: "How do I only allow remote connections to my server from specific public IP addresses, preferably by port? That way I can only allow SSH and web administration from my IP addresses but still be able to share out my Plex to whomever is authenticated through Plex (port 32400)."


Wouldn't you be better off closing port 22 and using some type of remote access into another computer on your network and performing your administration from there?

 

This is how I was doing my administration (through TeamViewer), but I ran into issues where I needed to get to my server and TeamViewer wasn't working on my home PC for whatever reason. Also I would prefer to have the clipboard functionality. Remote web administration isn't a requirement, just something that would be nice to have.

 

It's probably not a bad idea to run SSH on a nonstandard, high-numbered port.

 

Sent from a phone, sorry for any typos

 

 

I didn't think about this, I'll have to read up on how to do that.

 

 

 

You may be able to lock down SSH via /etc/hosts.allow and /etc/hosts.deny.

You cannot lock down emhttp the same way.

 

Therefore I would suggest you do the lockdown and IP validation for these ports directly on your router.
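To make the hosts.allow / hosts.deny suggestion concrete, here is an added example (not code from the thread or from unRAID) that parses a constructed pair of tcp_wrappers-style files, evaluates a source address the way libwrap does (hosts.allow first, then hosts.deny, then default allow), and runs the result over a few constructed auth-log lines like the failed root logins mentioned in the opening post. The sample IPs, the file contents and the log lines are all made up for the example. It only understands the common client patterns (ALL, exact address, trailing-dot prefix, net/mask and CIDR); hostnames, EXCEPT and LOCAL are left out. One caveat worth checking on your own box: this mechanism only works if sshd was built with libwrap, which upstream OpenSSH dropped in 6.7, so confirm with `ldd $(which sshd) | grep wrap` before relying on it.

```python
import ipaddress
import re

# Constructed sample files: allow sshd only from the admin locations' exit IPs.
HOSTS_ALLOW = """
sshd: 203.0.113.7, 198.51.100.0/255.255.255.0, 192.168.1.   # admin sites + LAN
"""
# Without this catch-all, tcp_wrappers falls through to "allow" for everyone.
HOSTS_DENY = """
ALL: ALL
"""

# Constructed auth-log lines in the usual sshd syslog shape.
SAMPLE_AUTH_LOG = [
    "Jan 10 03:12:41 tower sshd[2201]: Failed password for root from 192.0.2.77 port 51234 ssh2",
    "Jan 10 03:12:45 tower sshd[2203]: Failed password for root from 192.0.2.77 port 51240 ssh2",
    "Jan 10 07:55:02 tower sshd[2390]: Accepted publickey for root from 203.0.113.7 port 40122 ssh2",
]
_LOG_RE = re.compile(r"sshd\[\d+\]: .* from (\d+\.\d+\.\d+\.\d+) port \d+")


def parse_rules(text):
    """Turn 'daemon_list : client_list' lines into ([daemons], [clients]); '#' starts a comment."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        daemons, _, clients = line.partition(":")
        rules.append(([d.strip() for d in daemons.split(",") if d.strip()],
                      [c.strip() for c in clients.split(",") if c.strip()]))
    return rules


def client_matches(pattern, ip):
    """Match one client pattern against a dotted-quad source address."""
    addr = ipaddress.ip_address(ip)
    if pattern == "ALL":
        return True
    if pattern.endswith("."):            # prefix form, e.g. "192.168.1."
        return ip.startswith(pattern)
    if "/" in pattern:                   # "net/mask" or CIDR; both accepted by ip_network
        try:
            return addr in ipaddress.ip_network(pattern, strict=False)
        except ValueError:
            return False
    try:
        return addr == ipaddress.ip_address(pattern)
    except ValueError:
        return False                     # hostnames are not supported here


def rule_matches(rule, daemon, ip):
    daemons, clients = rule
    daemon_ok = any(d in ("ALL", daemon) for d in daemons)
    return daemon_ok and any(client_matches(c, ip) for c in clients)


def is_allowed(daemon, ip, allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """libwrap order: a hosts.allow hit wins, then a hosts.deny hit refuses, else allow."""
    if any(rule_matches(r, daemon, ip) for r in parse_rules(allow_text)):
        return True
    if any(rule_matches(r, daemon, ip) for r in parse_rules(deny_text)):
        return False
    return True


def audit(log_lines, daemon="sshd"):
    """Count attempts per source IP and say whether the rule set would admit each one."""
    counts = {}
    for line in log_lines:
        m = _LOG_RE.search(line)
        if m:
            counts[m.group(1)] = counts.get(m.group(1), 0) + 1
    return {ip: (n, is_allowed(daemon, ip)) for ip, n in counts.items()}


if __name__ == "__main__":
    for ip, (n, ok) in audit(SAMPLE_AUTH_LOG).items():
        print(f"{ip:15} {n} attempt(s)  -> {'allowed' if ok else 'REFUSED'}")
```

Running it shows the brute-force source refused and the admin address admitted. The second thing to try is `is_allowed("sshd", "192.0.2.77", deny_text="")`: with no catch-all in hosts.deny the same address is let through, which is the mistake that makes an allow-list alone useless.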

 

 

I'll try out the hosts files and see if that works. I may end up having to buy a cheap router and load up DD-WRT for the rest of it then.


For remote web administration I used Squid to proxy my HTTP via SSH.

 

I use SecureCRT on my Windows desktop.

I set up SecureCRT localhost port 3128 to forward through the SSH tunnel to the remote machine's 3128.

I then set up a separate browser (Firefox) to proxy all HTTP to localhost 3128.

Squid is running on the remote machine's 3128 and proxies all HTTP locally in that network.

 

In my setup I have the SSH daemon set up with specific addresses in the /etc/hosts.allow file.

 

There are probably better ways, but that's how I've been doing it for years.

 
