Hi, Jason Hsu wrote:
I've learned how to turn an old computer into a firewall and DHCP server for my tiny home network.
Which distro are you using?
I understand that I can install an SSH server on this machine so that I can access it from outside. Once I have this SSH server connected to the Internet, how do I access it from another location? I have DSL broadband service, but I don't think I have a static IP address.
My suggestion is to use a dedicated firewall machine with as little on that as needed, absolute minimum. No ssh on this server.
Use port forwarding to a box running just ssh (no other public services); consider ONLY port forwarding from trusted IP addresses if possible.
On the ssh server ensure you use AllowGroups in your ssh setup, /bin/false is not suitable to secure ssh logins [1]. Also consider logins only with certificates (if you can). Consider NOT allowing root access, you can always sudo or su to root if needed. Consider if you need tunneling enabled on your ssh server.
Ensure, if allowing password logins via ssh that you have a nice long and secure password. Simple or short passwords offer little or no security.
There are logs more things to consider, but the above should give you a good start.
[1] http://www.semicomplete.com/articles/ssh-security/ -- Kind Regards AndrewM Andrew McGlashan Broadband Solutions now including VoIP