Connect to webserver via ssh/vpn? Suggestions

Postby xboxboy » Jan 24th, '16, 13:20

I'm able to install and successfully use a couple of web apps that I want to use, and I'm able to use them from within the LAN as expected after opening the firewall. What I would like to do now is be able to access these apps from the internet without exposing it to the nasties that are out there.

Someone suggested I could log in over ssh, but I'm not sure if I can then use my browser to access the webserver?

I have never used a VPN so I'm not sure if that's another option either.

I'm open to all ideas. TIA
xboxboy
 
Posts: 391
Joined: Jun 2nd, '13, 06:41

Re: Connect to webserver via ssh/vpn? Suggestions

Postby AstorBG » Jan 24th, '16, 14:29

Hi,
I use ssh.
If I want to run programs (with GUI or CLI) on the remote machine (A) from internet machine (B):
1) I first configure my router of A (open port 22 and configure the router of my A machine, also the A firewall, and the A ssh service),
I hope you know how to do this, if your A router has firewall enabled by default.
2) I use ssh -v -X username@IP to connect from B to A, where IP is the A router's IP, and username is the user name on A,
once you are connected to A then you can type in the terminal e.g. firefox and it will
open firefox of A on your B machine.

The above assumes that both A and B are Linux machines with a DE and you are on B working in a terminal.
Otherwise, if B is Win, you can use a tool such as PuTTY.

This is for me the easiest way to do things remotely and
by all means I am not an expert in this matter.

Cheers,

Astor
Mageia 5.1, KDE4, x86_64
Mageia 8, Plasma, x86_64
AstorBG
 
Posts: 57
Joined: Jan 29th, '13, 21:31

Re: Connect to webserver via ssh/vpn? Suggestions

Postby jiml8 » Jan 24th, '16, 18:23

Astor's post also assumes that X-forwarding is enabled in the SSH server on machine A.

However, my understanding of what you are asking is somewhat different than Astor's. I interpret your question to mean that you want to access your webserver from the internet as if you were on the LAN. If my interpretation is correct, then you would have to use a VPN in order to have your remote machine join your LAN. I do this myself, and I have my router provide the VPN server. I then connect to my router using the VPN and it is as if I had plugged a LAN cable in to my remote laptop (though a bit slower).
jiml8
 
Posts: 1253
Joined: Jul 7th, '13, 18:09

Re: Connect to webserver via ssh/vpn? Suggestions

Postby xboxboy » Jan 24th, '16, 23:45

Thanks guys. Astor's idea is possible for sure. Although, I was thinking of using an Android tablet when working on site to create invoices via the webserver, so I'm not sure if that would work in that instance. But from a laptop, sure, that would work fine.

Jim, can you provide some more detail about your setup? Do you use a vpn provider/service or can your hardware manage it all?
xboxboy
 
Posts: 391
Joined: Jun 2nd, '13, 06:41

Re: Connect to webserver via ssh/vpn? Suggestions

Postby xboxboy » Jan 25th, '16, 11:18

I forgot to mention I have a fixed IP, so the other option I can think of is to open the webserver to the internet, but restrict the IPs that can access it, but then I don't know how mobile 3g/4g/lte connections handle their IP address; if it's constantly changing, that concept won't work either.
xboxboy
 
Posts: 391
Joined: Jun 2nd, '13, 06:41

Re: Connect to webserver via ssh/vpn? Suggestions

Postby doktor5000 » Jan 25th, '16, 11:21

xboxboy wrote: but then I don't know how mobile 3g/4g/lte connections handle their IP address; if it's constantly changing, that concept won't work either.

It shouldn't be constantly changing, more the other way round. Usually you use an APN from your mobile provider, where you use the same external IP address as thousands of other users.
Cauldron is not for the faint of heart!
Caution: Hot, bubbling magic inside. May explode or cook your kittens!
----
Disclaimer: Beware of allergic reactions in answer to unconstructive complaint-type posts
doktor5000
 
Posts: 17629
Joined: Jun 4th, '11, 10:10
Location: Leipzig, Germany

Re: Connect to webserver via ssh/vpn? Suggestions

Postby xboxboy » Jan 30th, '16, 15:40

doktor5000 wrote:
xboxboy wrote: but then I don't know how mobile 3g/4g/lte connections handle their IP address; if it's constantly changing, that concept won't work either.

It shouldn't be constantly changing, more the other way round. Usually you use an APN from your mobile provider, where you use the same external IP address as thousands of other users.


Ah, yes. That makes sense. The other thing I thought of, is it possible to change to a non-standard port for the webserver?
xboxboy
 
Posts: 391
Joined: Jun 2nd, '13, 06:41

Re: Connect to webserver via ssh/vpn? Suggestions

Postby jiml8 » Jan 30th, '16, 16:52

xboxboy wrote:Ah, yes. That makes sense. The other thing I thought of, is it possible to change to a non-standard port for the webserver?


Of course. In fact, that is how I provide web access for my Owncloud instance which runs on my NAS. I require https connections, and I use a non-standard port. While I think the NAS is quite secure, that port never gets scanned hence my NAS is not being attacked via that route...and that is the only route that exposes the NAS to the net.

The security product I am working on also has a web interface which uses a non-standard port. We do expect, though, that as the popularity of our device increases (and it is selling very rapidly and at a steadily accelerating pace) that the port we use will be deliberately scanned searching for our device.
jiml8
 
Posts: 1253
Joined: Jul 7th, '13, 18:09

Re: Connect to webserver via ssh/vpn? Suggestions

Postby wintpe » Feb 9th, '16, 02:18

if you have a fixed address, and you care about your security, then a vpn gives the most flexible option.
ssh is really a single port vpn, in a way; the only difference between ssh and a vpn is that with ssh you redirect your client to use an ssh tunnel via a single port,
ie 127.0.0.1:8080

whereas with a vpn you redirect via a route, so that all traffic destined for 192.168.1.0/24 goes via tun0

setting up a vpn is a little harder than ssh, but possibly attracts less attention; an ssh port open will be a constant attack target of regular port and brute force attempts, even if never successful.

remember, if you go the ssh route, to set it up for rsa key only authentication, not interactive password.

back to vpn, i installed on my network an asus router, and installed ddwrt, then setup a port forward; you can use any port as the listener on your gateway, then redirect that to the vpn server on the ddwrt device.

lookup creating certificates in linux, to create your crt, and host specific public key private key pair, as you would need these on any vpn target server you setup.

whether you choose a host on your network or a ddwrt device, maybe a raspberry pi for example, plenty of choices.

using a standalone device frees you to upgrade and change other stuff without losing your remote access.

regards peter
Redhat 6 Certified Engineer (RHCE)
Sometimes my posts will sound short, or snappy, however it's really not my intention to offend, so accept my apologies in advance.
wintpe
 
Posts: 1204
Joined: May 22nd, '11, 17:08
Location: Rayleigh, Essex, UK
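
Added example, not part of any post in this thread: a shell check that an sshd_config on machine A enforces the key-only login wintpe recommends, run on two constructed configs. The function names, the sample files and port 80 in the closing tunnel command are assumptions.

```shell
# Added example: does an sshd_config on machine A enforce key-only login?
# Simplified: global section only (stops at the first Match block, ignores
# Include); `sshd -T` prints the effective settings on a real host.

# effective_value FILE 'kw1|kw2' DEFAULT  (keywords given in lower case)
# sshd keeps the FIRST value it reads for a keyword; keywords ignore case.
effective_value() {
    awk -v keys="$2" -v def="$3" '
        tolower($1) == "match"         { exit }
        tolower($1) ~ ("^(" keys ")$") { val = $2; found = 1; exit }
        END { print (found ? val : def) }
    ' "$1"
}

# key_only_auth FILE: one finding per weak setting; returns 0 when there are none.
# A missing keyword is treated as "yes", the upstream OpenSSH default for all three.
key_only_auth() {
    rc=0
    [ "$(effective_value "$1" pubkeyauthentication yes)" = yes ] ||
        { echo "PubkeyAuthentication off: key login will not work"; rc=1; }
    [ "$(effective_value "$1" passwordauthentication yes)" = no ] ||
        { echo "PasswordAuthentication on: passwords can be guessed"; rc=1; }
    # ChallengeResponseAuthentication is the older name of the same option.
    kbd='kbdinteractiveauthentication|challengeresponseauthentication'
    [ "$(effective_value "$1" "$kbd" yes)" = no ] ||
        { echo "keyboard-interactive on: PAM may still ask for a password"; rc=1; }
    return "$rc"
}

# Constructed sample configs, not taken from any real host.
WEAK=$(mktemp); HARD=$(mktemp)
trap 'rm -f "$WEAK" "$HARD"' EXIT
cat > "$WEAK" <<'EOF'
Port 22
#PasswordAuthentication no
X11Forwarding yes
EOF
cat > "$HARD" <<'EOF'
Port 22
PubkeyAuthentication yes
passwordauthentication no
ChallengeResponseAuthentication no
PasswordAuthentication yes
EOF

key_only_auth "$WEAK" || echo "WEAK: not key-only"
key_only_auth "$HARD" && echo "HARD: key-only"
# Tunnel from B once A passes (web port 80 on A is an assumption):
#   ssh -N -L 127.0.0.1:8080:127.0.0.1:80 username@IP
```

The second sample passes even though it ends with `PasswordAuthentication yes`, because the earlier `passwordauthentication no` is the value sshd keeps.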

