Phone Home
Use Dynamic DNS to phone home!
Paul Elliott

NameCheap: Hostname and Username

NameCheap
owlnest.blackpatchpanel.com
• Subdomain with “A” record
• My domain

NameCheap
owlnest.blackpatchpanel.com
• Goes in openwrt “Username” field.
• Goes in openwrt “Domain” field.

If your router will not cooperate
● Then you must get your linux computer to update dynamic dns.
● Read on.

Install ddclient on your linux machine
Are you running dhclient or dhcpcd?
$ ps -A|grep -i dh
 3222 ?        00:00:00 dhcdbd
 3426 ?        00:00:00 dhclient

Edit /etc/ddclient.conf
● Start with
– /usr/share/doc/ddclient/examples/sample-etc_ddclient.conf
● Includes most common ddclient options
daemon=300
● Includes “use” line for getting external IP address f
● Includes server options for most dynamic dns hosts. S

Tell the dynamic DNS server to attend to your domain.
● The dynamic DNS server will modify A records.

Edit /etc/ddclient.conf
daemon=300 # check every 300 seconds
syslog=yes # log update msgs to syslog
mail-failure=root # mail failed update msgs to roo

Running dhcpcd?
● See ddclient documentation.
cp /usr/share/doc/ddclient/examples/sample-etc_dhcpc_dhcpcd-eth0.exe \
   /etc/dhcpc/dhcpcd-{your e

If you are running dhclient?
$ ps -C dhclient
  PID TTY          TIME CMD
 2833 ?        00:00:00 dhclient
● cp /usr/share/doc/ddclient/examples/sample-

Otherwise... Run ddclient as a daemon
Daemon talks to router to get external IP address.
● Common routers have built in support.
● Just uncomment correct “use” line in the sample ddclient.c

If your router is unsupported
Web Scrape
● Find the page in your router's web pages that displays the external IP address.

Isolate the frame containing the external IP address.
● Right click on the frame; Show only this Frame

Create an A record for dynamic DNS to point to your Home computer.
● 127.0.0.1 (local host) is a good initial value.

Note the URL.
● We will use the URL to create a “use” line.

View the source for the page
Search for the external IP address in the source!
Locate unique prefix
● Locate a prefix that uniquely precedes the external IP address in the source html.
● If necessary, use regular expressions.

Construct a “use” line.
● Construct a use line from the two pieces of data we have gathered.
– The URL.
– The Prefix string
● Put use line in /etc/ddclient

Edit /etc/ddclient.conf
daemon=300 # check every 300 seconds
syslog=yes # log update msgs to syslog
mail-failure=root # mail failed update msgs to roo

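
The prefix step above, as an added example that is not part of the original slides: a shell sketch of what a scraping “use” line has to do, which is skip to the prefix and take the first dotted quad after it. The sample page, its labels and its addresses are constructed, the prefix is matched as a literal string rather than a regular expression, and the `use=web` form in the closing comment is ddclient's generic web-scrape option set, assumed here because the slide's own use line is cut off.

```shell
#!/bin/sh
# Constructed router status page (labels and addresses are made up).
sample_page() {
cat <<'EOF'
<html><body><table>
<tr><td>LAN IP Address</td><td>192.168.1.1</td></tr>
<tr><td>Internet IP Address</td><td>203.0.113.45</td></tr>
<tr><td>Gateway</td><td>203.0.113.1</td></tr>
</table></body></html>
EOF
}

# extract_ip PREFIX: HTML on stdin; skip past the first literal PREFIX and
# print the first dotted quad that follows. Fails if either is missing.
extract_ip() {
    { tr '\n' ' '; echo; } | awk -v p="$1" '{
        i = index($0, p)
        if (i == 0) exit 1
        rest = substr($0, i + length(p))
        if (!match(rest, /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/)) exit 1
        print substr(rest, RSTART, RLENGTH)
    }'
}

# prefix_count PREFIX: how often PREFIX occurs; anything but 1 is ambiguous.
prefix_count() {
    { tr '\n' ' '; echo; } | awk -v p="$1" '{
        n = 0; s = $0
        while ((i = index(s, p)) > 0) { n++; s = substr(s, i + length(p)) }
        print n
    }'
}

# is_private IP: true for RFC 1918 LAN addresses, which are useless in public DNS.
is_private() {
    case "$1" in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# Matching ddclient.conf form (URL is a placeholder for your router's page):
#   use=web, web=http://ROUTER/STATUS-PAGE, web-skip='Internet IP Address'
ip=$(sample_page | extract_ip 'Internet IP Address') && echo "external IP: $ip"
```

With the shorter prefix `IP Address` the same page yields the LAN address, which is why the prefix has to be unique.
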
Run ddclient as a daemon
● Done configuring ddclient

Remember how I told you if you had dhclient or dhcpcd you did not have to run ddclient?
● You could read the ddclient doc and find out a file you co

What worked.
● Added the following file to
– /etc/dhcp3/dhclient-exit-hooks.d/ddclient-hook
● Highlighted portions are from my use line. You will need t

Test that the host record points to the correct place.
● Repeat the test to confirm it still works after you get a new DHCP lease!
$ dig owlnest.blackpatchpanel.com
; <&

You do not have to have your own domain to phone home.
● If you get a free account with dyndns.org they will create a host within one of their domai

Tell your router how to route incoming connection requests.
● How to do this depends on your router.
● Port 22 is used by ssh
● what should your router do

Configure the ssh daemon's security.
● As root, edit
– /etc/ssh/sshd_config

Limit sshd access to users with known strong security.
● Your “distro” will often add accounts that you don't even know about.
● Just because you

Consider disabling password access altogether!
● The Berlios developer web site was attacked recently using a man-in-the-middle attack using passwords.
Pass

Disable protocol 1
● Protocol 1 is old.
Protocol 2

If you want to run remote X11 programs, you will have to enable X11Forwarding
● Most security concerns concerning X11 Forwarding are for the X server

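
The sshd_config settings from the slides above, checked by a small audit script. This is an added example, not from the original slides: both config texts are constructed, `alice` is a hypothetical account, and `AllowUsers` is assumed as the directive used to limit logins because the slide's own line is cut off. It only reads the global section and stops at the first `Match` block.

```shell
#!/bin/sh
# Constructed configs; "alice" is a hypothetical account name.
weak_cfg() {
cat <<'EOF'
Protocol 2,1
PasswordAuthentication yes
PasswordAuthentication no
X11Forwarding yes
EOF
}
hard_cfg() {
cat <<'EOF'
Protocol 2
AllowUsers alice
PasswordAuthentication no
X11Forwarding yes
EOF
}

# effective KEYWORD FILE: first global value of KEYWORD. sshd keeps the first
# value it reads for a keyword, so a later "fix" further down has no effect.
effective() {
    awk -v k="$1" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(k) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$2"
}

# audit_sshd FILE: one WARN line per finding; returns non-zero if any.
audit_sshd() {
    rc=0
    [ -n "$(effective AllowUsers "$1")" ] ||
        { echo "WARN: no AllowUsers line, logins not limited to named users"; rc=1; }
    [ "$(effective PasswordAuthentication "$1" | tr 'A-Z' 'a-z')" = "no" ] ||
        { echo "WARN: password logins are enabled"; rc=1; }
    case " $(effective Protocol "$1" | tr ',' ' ') " in
        *" 1 "*) echo "WARN: protocol 1 is enabled"; rc=1 ;;
    esac
    return $rc
}

# Demo: the weak sample produces three warnings, including the shadowed "no".
tmp=$(mktemp) && weak_cfg > "$tmp" && audit_sshd "$tmp"; rm -f "$tmp"
```
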
TCP wrappers may prevent sshd from accepting incoming connections!
● Most distros' versions of ssh link to tcp wrappers.
● This means they will no

Explicitly allow sshd to connect.
● Modify /etc/hosts.allow to allow sshd to talk to the outside world.
portmap: 192.168.86.0/255.255.255.0
statd: 192

Pierce your firewall to allow incoming connections
● How you do this depends on your firewall management software.
● I use “firestarter”

Restart the ssh daemon
● After changing security parameters, you will need to restart the daemon.
# /etc/init.d/ssh restart

Tell your router to phone home to your dynamic DNS server.
● How you do this depends on your router.
● This is the best way, if it works.
● However some

Go to ShieldsUP to verify we have an open port!
● No open port, no possibility of remote access!

Make sure your passwords are strong because they will try to get in!
● Excerpt from my system log shows hackers trying to get in!
hrnowl:/var/log# grep

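
To see who is knocking in a log like the one above, failed logins can be tallied per source address. This is an added example, not the author's command or log: the lines are constructed in OpenSSH's usual “Failed password” wording, and the host name, account names and addresses are made up.

```shell
#!/bin/sh
# Constructed auth log lines (not the author's log).
sample_log() {
cat <<'EOF'
Mar  3 02:11:07 home sshd[4101]: Failed password for invalid user admin from 198.51.100.7 port 40122 ssh2
Mar  3 02:11:09 home sshd[4103]: Failed password for invalid user test from 198.51.100.7 port 40130 ssh2
Mar  3 02:11:12 home sshd[4105]: Failed password for root from 198.51.100.7 port 40141 ssh2
Mar  3 07:45:30 home sshd[5200]: Failed password for alice from 192.0.2.14 port 51515 ssh2
Mar  3 07:45:41 home sshd[5200]: Accepted publickey for alice from 192.0.2.14 port 51515 ssh2
EOF
}

# failed_by_source: sshd log lines on stdin; prints "count ip users-tried"
# per source address, busiest first. The last "from" on a line is taken as
# the address marker, so an account literally named "from" does not confuse it.
failed_by_source() {
    awk '/sshd\[[0-9]+\]: Failed password for / {
        for (i = 1; i <= NF; i++)
            if ($i == "from") { ip = $(i + 1); user = $(i - 1) }
        n[ip]++
        if (index(" " u[ip] " ", " " user " ") == 0)
            u[ip] = u[ip] (u[ip] == "" ? "" : " ") user
    }
    END { for (ip in n) print n[ip], ip, u[ip] }' | sort -rn
}

# noisy_sources MIN: addresses with at least MIN failed attempts.
noisy_sources() {
    failed_by_source | awk -v min="$1" '$1 >= min { print $2 }'
}

sample_log | failed_by_source
```

One address cycling through several account names is guessing, while a single failure followed by an accepted login from the same address is usually the owner mistyping.
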
Generate an ssh public/private key pair (if you have not already)
● Use ssh-keygen to generate the keys on your mobile computer.
● Distribute the public

If you have disabled passwords you will have to use sneakernet for distribution
● ssh-copy-id -i ~/.ssh/yourkey.pub [email protected]
– If you have disa

You are now ready to phone home.
● Run an X11 terminal program on your home computer from your remote laptop.
● From this window you can run any X11 pro

Run program on remote “client”
● From this console window, you can run any X11 program.
● Output display will be seen on local X server. Program will r

X11 terminology
● In X11 terminology, the “X server” is where the screen, the keyboard and the mouse are, and the “client” is where the “program” is.

If you have openwrt you can have your router handle dynamic dns!
● If you have openwrt, have your router do dynamic dns!
● Install luci-app-ddns from “System/Software”

Configure DDNS from LuCI Services
This is your hostname
Any “A” record can be modified.