Cayman Systems 3220-H Manuel d'utilisateur

Phone HomeUse Dynamic DNS to phone home!Paul Elliott

NameCheapHostname and Username

NameCheapowlnest.blackpatchpanel.com•Subdomain with “A” record•My domain

NameCheapowlnest.blackpatchpanel.com•Goes in openwrt “Username” field.•Goes in openwrt “Domain” field.

If your router will not cooperate●Then you must get your linux computer to update dynamic dns.●Read on.

Install ddclient on your linux machine

Are you running dhclient or dhcpcd?$ ps -A|grep -i dh 3222 ? 00:00:00 dhcdbd 3426 ? 00:00:00 dhclient

Edit /etc/ddclient.conf●Start with –/usr/share/doc/ddclient/examples/sample-etc_ddclient.conf●Includes most common ddclient optionsdaemon=300

Edit /etc/ddclient.conf●Start with –/usr/share/doc/ddclient/examples/sample-etc_ddclient.conf●Includes “use” line for getting external IP address f

Edit /etc/ddclient.conf●Start with –/usr/share/doc/ddclient/examples/sample-etc_ddclient.conf●Includes server options for most dynamic dns hosts. S

Tell the dynamic DNS server to attend to your domain.●The dynamic DNS server will modify A records.

Edit /etc/ddclient.confdaemon=300 # check every 300 secondssyslog=yes # log update msgs to syslogmail-failure=root # mail failed update msgs to roo

Edit /etc/ddclient.confdaemon=300 # check every 300 secondssyslog=yes # log update msgs to syslogmail-failure=root # mail failed update msgs to roo

Edit /etc/ddclient.confdaemon=300 # check every 300 secondssyslog=yes # log update msgs to syslogmail-failure=root # mail failed update msgs to roo

Edit /etc/ddclient.confdaemon=300 # check every 300 secondssyslog=yes # log update msgs to syslogmail-failure=root # mail failed update msgs to roo

Running dhcpcd?●See ddclient documentation.cp /usr/share/doc/ddclient/examples/sample-etc_dhcpc_dhcpcd-eth0.exe \ /etc/dhcpc/dhcpcd-{your e

If you are running dhclient?$ ps -C dhclient PID TTY TIME CMD 2833 ? 00:00:00 dhclient●cp /usr/share/doc/ddclient/examples/sample-

Otherwise... Run ddclient as a daemon

Daemon talks to router to get external IP address.●Common routers have built in support.●Just uncomment correct “use” line in the sample ddclient.c

If your router is unsupportedWeb Scrape●Find the page in your router's web pages that displays the external IP address.

Isolate the frame containing the external IP address.●Right click on the frame; Show only this Frame

Create an A record for dynamic DNS to point to your Home computer.●127.0.0.1 (local host) is a good initial value.

Note the URL.●We will use the url to create a “use” line.

View the source for the page

Search of external IP address in the source!

Locate unique prefix●Locate a prefix that uniquely precedes the external IP address in the source html.●If necessary, use regular expressions.

Construct a “use” line.●Construct a use line from the two pieces of data we have gathered.–The URL.–The Prefix string●Put use line in /etc/ddclient

Edit /etc/ddclient.confdaemon=300 # check every 300 secondssyslog=yes # log update msgs to syslogmail-failure=root # mail failed update msgs to roo

Run ddclient as a daemon●Done configuring ddclient

Remember how I told you if you had dhclient or dhcpcd you did not have to run ddclient? ●You could read the ddclient doc and find out a file you co

What worked.●Added the following file to –/etc/dhcp3/dhclient-exit-hooks.d/ddclient-hook●Highlighted portions are from my use line. You will need t

Test that host record points to correct place.●Repeat that test still works after you get a new DHCP lease!$ dig owlnest.blackpatchpanel.com; <&

You do not have to have your own domain to phone home.●If you get a free account with dyndns.org they will create an host within one of their domai

Tell your router how to route incoming connection requests.●How to do this depend on your router.●Port 22 is used by ssh●what should your router do

Configure the ssh daemon's security.●Under root, edit–/etc/ssh/sshd_config●

Limit sshd access to users with known strong security.●Your “distro” will often add accounts that you don't even know about.●Just because you

Consider disabling password access altogether!●Berlios developer web site was attacked recently using man-in-the-middle attack using passwords.Pass

Disable protocol 1●Protocol 1 is old.Protocol 2

If you want to run remote X11 programs, you will have to enable X11Forwarding●Most security concerns concerning X11 Forwarding are for the X server

TCP wrappers may prevent sshd from accepting incoming connections!●Most distro's versions of ssh link to tcp wrappers.●This means they will no

Explicitly allow sshd to connect.●Modify /etc/hosts.allow to allow sshd to talk to the outside world.portmap: 192.168.86.0/255.255.255.0statd: 192

Pierce your firewall to allow incoming connections●How you do this depends on your firewall management software.●I use “firestarter”

Restart the ssh daemon●After changing security parameters, you will need to restart the daemon.# /etc/init.d/ssh restart

Tell your router to phone home to your dynamic DNS server.●How you do this depends on your router.●This is the best way, if it works.●However some

Go to ShieldsUP to verify we have and open port!

Go to ShieldsUP to verify we have and open port!●No Open port, no possibility of remote access!

Make sure your passwords are strong because they will try to get in!●Excerpt from my system log show hackers trying to get in!hrnowl:/var/log# grep

Generate a ssh public private key pair (if you have not already)●Use ssh-keygen to generate the keys. On your mobile computer●Distribute the public

If you have disabled passwords you will have to use sneakernet for distribution●ssh-copy-id -i ~/.ssh/yourkey.pub [email protected]–If you have disa

You are now ready to phone home.●Run a X11 terminal program on your home computer from your remote laptop.●From this window you can run any X11 pro

Run program on remote “client”●From this console window, you can run any X11 program.●Output display will be seen on local X server. Program will r

X11 terminology●In X11 terminology, the “X server” is where the screen, the keyboard and the mouse is, and the “client” is where the “program” is.●

If you have openwrt you can have your router handle dynamic dns!

●If you have openwrt have your router do dynamic dns!●Install luci-app-ddns from “System/Software”

Configure DDNS from LuCI Services

This is your hostnameAny “A” record can be modified.