# Trying to connect to my remote computer

## deadaim

How would I set up my computer so it can be connected to from another location?  I've heard something about 'ssh' but I'm not sure on that.  One problem that I have is that it's in a dorm so if I have any open ports on my computer, they will close it.  Is there a way to get around that?  I would like to use my computer while at home.

----------

## dj_goku

How are they going to close your computer ports? You're the only one that can control that, right? ssh works great for me. If you use it, only use ssh version 2; it's more secure. Hope that helps.

----------

## ikaro

Well, if you are the only one that can access the computer, no one is going to close any ports on it.

on the other hand, if the admin is looking at the network logs to see if anyone has some port open that he doesn't like.. well he should find a real job.

you can run sshd on the standard port 22 or configure it to run on another port, something like 92782 or so  :Razz:

to start sshd: `/etc/init.d/sshd start`

`rc-update add sshd default`

that line will start the server after boot automagically.

----------

## deadaim

Damn it, I meant if they find any open port they will disconnect me off the internet for a bit.  Does this restrict me from being able to connect to my computer remotely?

----------

## teknomage1

pretty much

----------

## fleed

Unless you do it indirectly, through a 3rd computer. But I doubt that'll be a solution.

----------

## teknomage1

Hey this got me thinking, there was a book I found at the library called "Multi-tool Linux" that described a way to use procmail to filter commands out of specially formatted email messages. You could register a hotmail account, set up your system to check the mail every hour or so with hotwayd, and use procmail to run batch commands or something and then email you the results. Course you'd need to be way hardcore to set all that up before you leave....

----------

## fleed

I think that's a pretty cool idea! Sort of like doing a shell through email!

----------

## TPC

instead of you connecting to it, how about making it connect to you?

it shouldn't be that hard to set-up netcat to connect to you and drop into a bash.

to trigger the connection you could have a scripted IRC client connected to a server somewhere and make it do the connection when you tell that client to. This wouldn't get encrypted, but it's better than nothing. thoughts?

----------

## fleed

That's easy... if you know where you're going to be at.  If the connection at home is dynamic ip it could still be done with one of the dyndns services on the web. 

In that case you could set up a vnc server on your pc and tell it to connect to a listening client on the home pc (say try it every 5 mins).

I still think the mailsh (for mail shell) is cool tho I guess IRC should work and could do the shell thing easily, as long as you can secure it well enough. ircsh then!

----------

## TPC

 *fleed wrote:*   

> That's easy... if you know where you're going to be at.  If the connection at home is dynamic ip it could still be done with one of the dyndns services on the web. 
> 
> In that case you could set up a vnc server on your pc and tell it to connect to a listening client on the home pc (say try it every 5 mins).
> 
> I still think the mailsh (for mail shell) is cool tho I guess IRC should work and could do the shell thing easily, as long as you can secure it well enough. ircsh then!

 

you could always pass the ip as a parameter to the command to the IRC client.

----------

## Awox

Wouldn't it be a better idea to ask your sysadmin if he would allow you to do such a thing? Explain to him it's not for anything nasty and only for managing your school work from home.

Now, isn't that a better idea?

Although, if you insist on being naughty, you can probably set up some iptables script that only allows one address to get through on port 22.

----------

## deadaim

 *Awox wrote:*   

> Wouldn't it be a better idea to ask your sysadmin if he would allow you to do such a thing? Explain to him it's not for anything nasty and only for managing your school work from home.

 

Hmm...I'll consider that...but for now, let's continue:

I've probably never done anything this heavy on networking.  I appreciate all of your attempts to help me, but I need something more specific.  I'm kind of new to this.  Sorry if I sound like an ass.

----------

## GhostBear

```
iptables -A INPUT -p tcp --dport ssh -j ACCEPT
```

 :Cool: 

That will open port 22 to allow a remote connection.  You obviously need to have SSH (Secure Shell program -- like telnet but encrypted, a way to connect to your PC remotely), and IPTables (a netfilter/firewall/NAT program that's pretty damn slick).

What you could do though, is add an -s variable in to allow a connection on port 22 from only 1 specific ip:

```
iptables -A INPUT -p tcp --dport ssh -s 0.0.0.0 -j ACCEPT
```

where 0.0.0.0 is the IP you'll be connecting from.  If your default policy for IPTables is DROP, meaning anything that isn't explicitly allowed is dropped without a response, a certain admin's portscanner may have trouble noticing your PC is even there...

----------

## deadaim

 *GhostBear wrote:*   

> If your default policy for IPTables is DROP, meaning anything that isn't explicitly allowed is dropped without a response, a certain admin's portscanner may have trouble noticing your PC is even there...

 

How can I make sure that's the case?

----------

## GhostBear

Well here's a little script to get you started:

(I'm assuming your pc only has one NIC..)

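```
# Default policy: drop all inbound traffic, allow all outbound
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
# Allow loopback traffic
iptables -A INPUT -i lo -j ACCEPT
# Allow inbound SSH (port 22) from any source
iptables -A INPUT -p tcp --dport ssh -j ACCEPT
# Allow packets belonging to already-established connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
```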

Ok, so everything incoming is dropped without a response, unless you've explicitly allowed it.  The Loopback interface (lo) is allowed access, as is SSH.  The --state rule allows any connection *you yourself* have already established.

Grab nmap (it's a portscanner), and scan your eth0 IP.  (Should look like a true IP; 29.158.281.215 or something similar, NOT an internal one like 192.168....etc.)  Port 22 is SSH, if it doesn't show up I think you'll be good to go.  :Wink: 

Check around on this site for iptables howtos and info, there's a ton of stuff.  You can always keep adding and expanding your firewall script, adding logs, dropping invalid IPs, etc.
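
Added example, not part of GhostBear's post: one way to answer "how can I make sure that's the case?" is to check the loaded ruleset itself. The shell function below reads `iptables -S` output and reports an INPUT policy other than DROP and any rule that accepts SSH without a fixed source address; the function name `audit_input`, the two sample rulesets and the address 203.0.113.7 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit `iptables -S` output for a
# default-DROP INPUT policy and for SSH being accepted only from a named source.
# Live use (as root): iptables -S | audit_input 22

audit_input() {   # $1 = SSH port (default 22); rules are read from stdin
    awk -v port="${1:-22}" '
    $1 == "-P" && $2 == "INPUT" { policy = $3 }
    $1 == "-A" && $2 == "INPUT" && $(NF - 1) == "-j" && $NF == "ACCEPT" {
        src = ""; negated = 0; is_ssh = 0
        for (i = 3; i < NF; i++) {
            if ($i == "-s") { src = $(i + 1); negated = ($(i - 1) == "!") }
            if ($i == "--dport" && $(i + 1) == port) is_ssh = 1
        }
        if (!is_ssh) next
        # No -s, a negated -s, or 0.0.0.0/0 all mean SSH is reachable from anywhere.
        if (src == "" || negated || src == "0.0.0.0/0")
            finding[++n] = "OPEN: SSH accepted from any source: " $0
    }
    END {
        if (policy != "DROP")
            finding[++n] = "POLICY: INPUT default is " (policy == "" ? "unset" : policy) ", not DROP"
        for (i = 1; i <= n; i++) print finding[i]
        exit (n > 0)
    }'
}

# Constructed samples in `iptables -S` format (203.0.113.7 is a documentation address).
THREAD_RULES='-P INPUT DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT'
RESTRICTED_RULES='-P INPUT DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 203.0.113.7/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT'

printf '%s\n' "$THREAD_RULES" | audit_input 22 || echo "=> findings above"
printf '%s\n' "$RESTRICTED_RULES" | audit_input 22 && echo "=> clean"
```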

----------

## Lews_Therin

A warning on the nmap thing...if "ifconfig" and www.whatismyip.com disagree, do NOT portscan your computer. You must use a site offering portscan services, otherwise you run the risk of pissing off your sysadmin.

----------

## z-lite

deadaim has his school PC (linux) behind a firewall (I'm assuming they're logging any incoming connections from the net) and wants to connect to it from his home PC (windows). what deadaim is asking for is how can he get his school pc to connect to his home pc but "turn the connection around" and then ssh his school pc from home.

----------

## Lews_Therin

Well, if his school computer is behind a firewall, he will have to work something out with the sysadmin to get a port poked through and routed to his comp. Otherwise it is (as far as I know) impossible to connect to the school comp.

----------

## catalYst

How about this:

I've been thinking of writing a bot plugin for gaim, whereby you could have a "conversation" in an instant messenger, which was really tunnelling an ssh session to you.  I don't know how tricky it would be; everything seems fairly straightforward.  Just start a conversation with a dummy AIM account you create with something like, "connect me" and it would go through the motions of setting up the ssh session, piping the ssh terminal output to your conversation.  The one obvious problem I can foresee would be formatting the output.

I don't want to piss off any sysadmins in the audience with this idea, though it seems to me a perfectly ok way to get shell access through a school/business firewall.

----------

