I'm assuming the machines are connected to each other via a dedicated hardware router, but network topology does not really matter as long as all machines can see each other. Also I'm assuming all machines are on the same network segment, i.e. you have a typical small-scale home network.
First, install the ssh metapackage on the machines you want to connect. On Debian-based systems, this will get the OpenSSH client, the OpenSSH server and the blacklist of insecure keys. All are required for the setup to function properly.
Next, we will add some basic network security. On the machines you want to connect, make sure that /etc/hosts.deny contains the line
ALL: ALL
This blocks, by default, connections from all hosts to every inetd controlled service that honors the TCP wrappers files (most stuff except HTTP and Samba). In /etc/hosts.allow add:
ALL: LOCAL
This allows all hosts on your local network (i.e. all hosts whose names don't contain a dot) to access all of these services on the local host.
If you are paranoid and only want to allow ssh, instead use
sshd: LOCAL
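One way to verify the two files after editing them, as an added example that is not part of the original article. The function names wrapper_rules and check_wrappers are made up here, and the check assumes one rule per line with no backslash continuations.

```shell
#!/bin/sh
# Added example: audit the TCP wrappers files for the policy described above
# (default deny in hosts.deny, only LOCAL clients admitted in hosts.allow).
# File paths are parameters so the check can also run on copies.

# Print the active rules of a file as "daemons|clients".
# Whitespace is removed, then comment lines and blank lines are dropped.
# Assumption: no rule is continued onto a second line with a trailing "\".
wrapper_rules() {
    sed -e 's/[[:space:]]//g' -e '/^#/d' -e '/^$/d' "$1" |
        awk -F: '{ print $1 "|" $2 }'
}

# Return 0 when the deny file contains "ALL: ALL" and every rule in the
# allow file admits exactly LOCAL. Otherwise report the problem, return 1.
# Matching is exact and upper-case, as the rules are written on this page.
check_wrappers() {
    deny_file=$1 allow_file=$2 rc=0

    if ! wrapper_rules "$deny_file" | grep -qxF 'ALL|ALL'; then
        echo "FAIL: $deny_file lacks the default-deny rule ALL: ALL"
        rc=1
    fi

    # Any allow rule whose client list is not exactly LOCAL is too broad
    # for the setup in this article (for example "sshd: ALL").
    bad=$(wrapper_rules "$allow_file" | awk -F'|' '$2 != "LOCAL"')
    if [ -n "$bad" ]; then
        echo "FAIL: $allow_file admits non-local clients:"
        echo "$bad"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: default deny, LOCAL-only allow rules"
    return "$rc"
}

# Run against two files when they are given on the command line, e.g.
#   sh check.sh /etc/hosts.deny /etc/hosts.allow
if [ "$#" -eq 2 ]; then
    check_wrappers "$1" "$2"
fi
```

Both variants from the article, ALL: LOCAL and sshd: LOCAL, pass this check; a rule such as sshd: ALL or a missing ALL: ALL line is reported.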
You will likely not be running a DNS server on your network, so you will have to set the hostnames on each machine. The top of each /etc/hosts file should contain something like
127.0.0.1 localhost
127.0.0.1 nameofthismachine
where nameofthismachine is the desired hostname for the local computer. In the same file, add the IP addresses and hostnames of all other machines that machine should be able to connect to, for example
192.168.0.2 anothermachine
192.168.0.3 yetanothermachine
You can find out the network IP address of a box either by running ifconfig on that machine or logging into the router and looking at the logs.
Changes to the hosts* files should come into effect immediately, but the router may be slow to pick up hostname changes, so it is a good idea to power cycle it now to renew the DHCP leases and update the routing table.
Now, at one of the boxes, try
ssh username@someotherbox
and if ssh can connect to someotherbox, you are asked for username's login password. Now you can work with that shell as if you were sitting in front of the other computer. You can also start GUI programs if you add the -X switch (which enables X11 forwarding). For better performance but less local security you can add -Y to enable trusted X11 forwarding.
ssh -X -Y username@someotherbox
Then you can start xeyes or some other graphical app for testing. Depending on the processing power of your router and link speed, even watching DVDs over the SSH connection may work well.
Ok, what about transferring files? You have several options here. When working on a shell with Midnight Commander, you can establish a shell connection via the Left/Right menus. In KDE, Dolphin/Konqueror and file dialogs understand the fish:// protocol (example: fish://username@someotherbox). Similarly, you can use ssh:// in many Gnome applications. You can also mount the remote computer's filesystem using sshfs.
If you have a network service running on one of the machines, like a streaming server, you may want to tunnel the data through SSH too. To tunnel port 6666, with the local machine at the receiving end (connections made to port 6666 on the server are forwarded to port 6666 on the local machine), do
ssh -R 6666:localhost:6666 username@server
Hopefully, this article has helped you secure your network a bit.