Re: ssh-ing in inside private network
On Tuesday 31 May 2016 23:56:39 Stephen Powell wrote:
> On Tue, May 31, 2016, at 15:31, Lisi Reisz wrote:
> > ...
> > So I need static IPs fast!
> > ...
>
> (The above was actually quoted from an earlier post).
> If you want to convert your computers to use static IP addresses, you might
> want to take a look at the following web page:
>
> http://www.stevesdebianstuff.org/hercules.htm
>
> The main subject of the web page is running Debian under Hercules under
> Debian, which of course you are not interested in. But in the process of
> documenting that there is a discussion about converting the host system for
> Hercules to use a static IP address. Using static IP addresses has some
> little known "gotchas", which are covered above. See the section titled
> "Networking changes". It also covers switching from network-manager to
> ifupdown, but if I recall correctly, you've already made that conversion.
>
> You might also want to take a look at the section titled "Router
> reconfiguration". In your case, you probably don't need or want to
> reconfigure the router, but you might want to get into the reconfiguration
> screens so that you can find out for sure which addresses are in the
> router's DHCP pool, so that you can chose a static IP address which is
> *inside* the router's network but *outside* the DHCP pool. That way, you
> can be sure that your static IP address will never interfere with what DHCP
> wants to do.
>
> > Help!! This was the point of the whole exercise. I want CLI only (no X
> > running) access to the Ubuntu installation on Hermes.
>
> Ubuntu systems usually do not have a password assigned to root. Therefore,
> you have to use sudo for all administrative work. If you want to *be*
> root, so that all commands issued run with root privileges, you have to
> assign a password to root with
>
> sudo passwd root
>
> I recommend that you ssh into the machine as a non-root user first, then
> elevate privileges by running a nested root shell via
>
> su
>
> After you supply the root password, which you just set earlier, your
> privileges will be escalated to root privileges until you enter the
>
> exit
>
> command, which will return you to your former non-root self. It is
> possible to login remotely as root, if the configuration of the host
> system's ssh server allows it, but "best practices" recommends against it
> for security reasons. It makes your home network easier to hack. But if
> you really want to do it, edit the file /etc/ssh/sshd_config. In the
>
> # Authentication
>
> section, look for
>
> Permitrootlogin no
>
> and change it to
>
> Permitrootlogin yes
>
> then bounce the ssh daemon with
>
> /etc/init.d/ssh restart
>
> As I said, it's not recommended;
> but it's your gun, your bullet, and your foot!
:-)
Thanks for this Stephen. Static IPs have been set up in my router ever since
I said that I obviously needed static IPs. I used to do it via e,n,i , but
nowadays I reserve IPs by MAC number in the router, and this is what I have
done here. I have also already set up a root password, and that is what the
screen actually attached to the computer was asking for - which was why I was
trying to log in as root. In the normal way I would indeed want to log in as
$USER and su into root if I needed root access.
Assuming that sshd is actually running at that stage, which it looks as though
it isn't, then I could always edit the authentication section temporarily and
put it back when I have finished. But if I can log in as $USER, I don't need
to log in as root. Once in, I can su. But the screen attached to the
computer was asking for root, so I thought the computer wouldn't accept
anything else at that stage.
I only need to do one thing remotely at this level, and if I can't do it, I
shall yet again give up any attempt to run Ubuntu, even as a dual boot.
And I have now basically got ssh working over my private network \o/, and have
used it for updating my husband's computer while he was sitting at it!!
(Note update not upgrade!)
Lisi
Reply to: