Simple remote access to (already remote) Linux box?
April 8, 2008 11:18 AM   Subscribe

I just sent a server running Linux to a remote user, and I need to be able to administer it. The end user is not particularly linux-savvy, and moreover is busy with other things. I need a remote access/vpn solution which is minimally painful for the end user to install and config, likely with me on the phone. Simple SSH access would be fine.

The OS is Redhat Enterprise 5. Processor is x86_64.

I am aware of approaches using DynDNS and/or Hamachi, but I hope I am missing something much simpler.

Yes, I totally should have thought of this before I shipped it. *hangs head*
posted by everichon to Computers & Internet (6 answers total) 2 users marked this as a favorite
 
DynDNS for CentOS and sshd enabled seems simplest. You could run Webmin, if that's your thing, by proxying through that connection once it works (see the -D option for ssh).
posted by kcm at 11:30 AM on April 8, 2008


We use OpenVPN or an SSH tunnel when we've got this kind of issue. The SSH tunnel connects back to a server hosted in a colocated datacenter, and we connect to that server from our homes via OpenVPN.

If I were you, I'd write a shell script on a similar RHEL system that will run the necessary commands to configure the SSH tunnel, and then email him the script. He can save it down to the machine and run it, and bang, network access.
posted by SpecialK at 11:33 AM on April 8, 2008 [1 favorite]


SSH should be easy if they know (or you can walk them through) how to open TCP port 22 on their firewall and set up port forwarding to the box. Hopefully sshd is already running as it would be default, so all you need is an IP address and an open port.
posted by rhizome at 12:09 PM on April 8, 2008


I built a PC recently for someone in another city, and did think of Hamachi before shipping the box (it works fine, btw), but if I hadn't I'd just install it again on a different PC, do a bunch of screen captures of the process, and send the screen caps to the PC owner as an aid to talking them through it. Hamachi struck me as really simple, both installing the client and joining the PC to a VPN network. (I think I'd also send the Hamachi client install files on a CD along with the screen captures, just so as to avoid having to talk the owner through downloading it.)
posted by jfuller at 12:29 PM on April 8, 2008


Best answer: SpecialK's solution would be as easy as setting up an account for them on one of your machines, and having them run:
ssh -R 4567:localhost:22 them@your.server

Then on your server you run:
ssh -p4567 localhost
Which connects to port 4567 on your machine, which is forwarded to port 22 (SSH) on their machine, and lets you log in normally. (I'm assuming you have a login on the box you made).
posted by aneel at 2:17 PM on April 8, 2008


Best answer: I like aneel's suggestion, although I think once you do that once, I'd use the connection to set up a DynDNS client on the remote machine, and also help them* punch a hole in their firewall (on some obscure port) and forward it to port 22 on the remote machine. I'd also set up publickey auth and disable password access, just to keep idiotic bruteforce attempts to a minimum. This is how I have several remote machines set up (Mac OS X, but essentially similar), and it makes remote admin/troubleshooting a breeze. Almost too easy, actually...
posted by Kadin2048 at 9:11 PM on April 8, 2008


« Older What camera to buy with $1,000?   |   Cross-stitching and thick material? Newer »
This thread is closed to new comments.