www.chilliwave.com

Wifi Network Distribution and Billing Server
It is currently Sat Jan 18, 2020 11:20 am

All times are UTC - 8 hours [ DST ]




Post new topic Reply to topic  [ 23 posts ]  Go to page 1, 2  Next
Author Message
 Post subject: First Impressions (How to Remote Desktop)
PostPosted: Fri Sep 26, 2008 6:24 pm 
Edit by Chuck: 10/04/08

Read on down this thread and it turns into a discussion about how to easily remote desktop your enchilada server with linux or windows, no problem..

----------------------------------------------------------------------------------------------------------

I am setting up a test system for possible use as a hotspot billing/management system.
IMHO after installing there are a couple of things that need to be done immediately if the system is to be accessible via ssh from the Internet.

login as root on the console (tty1 - do a ctrl-alt-f1)

1. change the root password and the password for chuckoms

passwd root
passwd chuckoms

2. create a new user

adduser <users name>
e.g.:

adduser fred

3. edit the /etc/sshd/sshd_config file

change "permitrootlogin" to no

Add a line below like this:

AllowUsers fred

restart the ssh daemon by doing a
/etc/init.d/ssh restart


This will disallow root access via ssh and only allow the users specified
So you can still login as a regular user and then su to root if needed

Anyone who has a Linux/Unix system with ssh open needs to do at minimum the above steps to stop the possibility of your system being hacked. Running a quick nmap against a fresly installed system will show it as:
Host: debian-enchilada; OS: Linux

Anyone finding that will find this site and the default passwords.

4. install fail2ban to minimize dictionary attacks.
There is a write up on it here:
http://www.howtoforge.com/fail2ban_debian_etch

fail2ban listens for requests/wrong login & passwords and will block an IP address from accessing your system if it fails too many times

I would also remove any of the other websites/interfaces that aren't needed, i.e. vtigercrm, phpbb, oscommerce or at least use a login via a .htaccess file


Top
  
 
 Post subject:
PostPosted: Fri Sep 26, 2008 7:28 pm 
Offline
Site Admin
User avatar

Joined: Fri Mar 17, 2006 4:52 pm
Posts: 4413
Location: Bend, Oregon
Sweeet... Very good information SRW.. Thanks for taking the time to explain that to people.. I might move this or put a copy of it under Network Security Issues so it can also be easily found by people who are looking for information on locking down the server..

Phil wrote a really good write up on security that you might find interesting also.. It is in that same category..

welcome onboard and keep us tuned in to how your system is going..

Thanks,
Chuck


Top
 Profile  
 
 Post subject:
PostPosted: Fri Oct 03, 2008 5:06 am 
Offline

Joined: Wed Mar 19, 2008 9:15 am
Posts: 138
Location: Grayslake, IL
If you have the DD-WRT router in front of the Enchilada server doing port forwarding, disable SSH on port 22 of the router to pass through to the Enchilada Server. Testing now., complete, it works! :)

It it a good policy to enable SSH remote port on the router to something other than port 22 or just disable it when you have the Web GUI enableled on a unique port?

Since I am a "Dumb" pipe, I do like to ping my devices both from inside my network and from the outside,. My question is should I turn on
"Block Anonymous WAN Requests (ping)" or leave it off?

Thanks for your help,

Jim

_________________
LinkedIN Profile: http://www.linkedin.com/in/jimmywireless


Top
 Profile  
 
 Post subject:
PostPosted: Fri Oct 03, 2008 6:40 am 
Offline
Site Admin
User avatar

Joined: Fri Mar 17, 2006 4:52 pm
Posts: 4413
Location: Bend, Oregon
Jim... That "Block Anonymous Ping Requests" is for blocking denial of service attacks where somebody could flood your server with millions of ping commands and basically bog down and jam the server... This is very unlikely for any of our users to encounter this.. If you do decide to activate that feature, it will have zero affect on the function of the enchilada server..

Also, anybody who is running version 3.0 already has port 22 changed to 8222 for the WAN port ssh remote access...

Port 22 is automatically forwarded to the enchilada server..

Chuck


Top
 Profile  
 
 Post subject:
PostPosted: Fri Oct 03, 2008 8:32 am 
Offline

Joined: Tue Apr 29, 2008 6:10 am
Posts: 231
a nice software to login to the server is www.nomachine.com
it works over the ssh connection and is better then vnc
it allowes the user to login to a new or a running screen on the server

Greetings
Steven


Top
 Profile  
 
 Post subject:
PostPosted: Sat Oct 04, 2008 11:23 pm 
Offline
Site Admin
User avatar

Joined: Fri Mar 17, 2006 4:52 pm
Posts: 4413
Location: Bend, Oregon
ATTENTION!!! THIS IS THE SHIT RIGHT HERE!!! THANK STEVEN!!

It took me a bit to get to the bottom of just what this nomachine software is all about, but they do have a free version of it right here, along with the instructions on how to install it on your wifigator companion machine.. It also has a windows client download..

This will make remote desktop control of your enchilada server a snap.. This works via ssh tunnel, which is already setup as a port forward on your enchilada server by default, so you are good to go with remote desktop with this application.. I am going to turn right around now and not only roll up a new companion DVD with this already built into it, but I am going to see if I can now install KDE desktop on our slice servers and use this to remote desktop our slice machines...

(Note: I did install this on my build server but I am not sure it is required to be installed on the server end.. If your's does not work by simply installing it on the client side, then I guess it needs to be installed on both ends.. we will find out..)

(Another edit.. I already figured out that you do need to have this running on the server and the client both, so install tihs on the enchilada server too..)

THAT IS SO COOL!!!

Thanks for this very valuable tip here.. This is the coolest thing I have seen since OpenVZ and this will revolutionize how we do things around here from now on, I can tell..

Here is the link to the download and the instructions to install it..

http://www.nomachine.com/download-package.php?Prod_Id=6

Once all three of those files are installed, click START / INTERNET / NXSERVER CLIENT / NX CONNECTION WIZARD

Then you just login with user "chuckoms / ifiw321" and you will be sitting at the standard desktop of your server..

I am sure it is almost identical with the windows nxclient program to do the same thing with windows to remote desktop your server..

Very cool advancement here.. A must have for all... This is how you can do it yourself right now and I am going to update all of us in the DVD's with the next release, which will be right away again..

Thanks again Steven for the golden nugget here... 8)

Chuck


Last edited by Chuck D on Sun Oct 05, 2008 1:33 am, edited 1 time in total.

Top
 Profile  
 
 Post subject:
PostPosted: Sun Oct 05, 2008 12:44 am 
Offline

Joined: Tue Apr 29, 2008 6:10 am
Posts: 231
Yea its realy nice indeed, it works with KDE, Gnome, CDE and XDM by default.

It uses soooo much less cpu and mem compaired to vnc, my small machine realy loves it..
With vnc i used to run up to 80% cpu usage and with nomachine it runs on 10-15%. Nomachine only updates mouse movement, changes of screen when they are really there and still only updates the changes in it.

Next time when i find something nice, i will remember to post more details, forgive me, i am not realy a forum kind of guy, but the gator is also changing that in me...

I went looking for an ssh <> rdp solution after i saw i russian guy here in the hotel sniffing all networks. As i am connected myself over the hotspot too, i got little curiaus about protecting myself.
Still am looking for a nice deadeasy VPN solution...If i find something, i will let you know

Also i am still trying to get a camera to work from the hotspot to put a live image on the hotspot page and on the hotel's webpage (if they have any).. Found several solutions, but it needs a lot of drivers inside the routers. The main idea was to have the gator server pull an image from the router and with some minor code on the website so it will look up the camera's address from the gatorserver so it can use it too.

However, been to 5 shops here and non sold a nice router that can run dd-wrt and has a usb port... so no testing in that department.
Will keep you all posted

Greetings
Steven _Me2_


Top
 Profile  
 
 Post subject:
PostPosted: Sun Oct 05, 2008 1:30 am 
Offline
Site Admin
User avatar

Joined: Fri Mar 17, 2006 4:52 pm
Posts: 4413
Location: Bend, Oregon
Check it out... Now I did successfully get KDE 4.1 installed on ubuntu 7.10 on the slice server and I am logged into my new remote desktop on my slice right now..

Sweeeet!!!!

This will be a huge upgrade for the slice servers and also for the DVD machines, either way... This remote desktop is an exact replica of your system and it can even be used by more than one person at a time..

Damn, this has been rolling around the back of my brain for a long time and this was the nice and tidy little puzzle piece that pulled it together and made it work nice and easy.. I love it already..

This is an update that I will only work on the 3.0 slices because there is so much to install and configure that I don't think it is feasible to do it to each machine individually..

But the 3.0 slices will be the bee's knees with this addition...

I know Loren is going to love this advancement.. He has had this going before, but not on the slice machines, and now he will crap when he sees I have the KDE 4.1 desktop running on the slice servers... LMAO!!!! THAT'S GREAT!!!

It's got the whole shi-bang installed, too.. Everything that is on the DVD version... Unreal...

More to come on this subject, for sure..

Thanks again for this one, Steven...

Chuck


Top
 Profile  
 
 Post subject:
PostPosted: Sun Oct 05, 2008 3:36 am 
Offline
Site Admin
User avatar

Joined: Fri Mar 17, 2006 4:52 pm
Posts: 4413
Location: Bend, Oregon
The windows client works slice also.. Here it is....

http://64.34.161.181/download/3.2.0/Win ... 2.0-13.exe

So you just install the three packages shown above on your enchilada server and this program on your windows machine and you are good to go..

If you are running the wifigator companion DVD then you just do the same install of all three files on both ends and you will also be set to go..

The login is as simple as entering the ip address or domain name of your server, along with your username and password:

user = chuckoms
pass = ifiw321

If you have changed that password then of course you will use your own password..

Slicetoast VPS machines with OpenOffice and so other cool stuff will be awesome.. I even have the system monitor running on the desktop of my new slice template..

This was a MAJOR ADVANCEMENT, for sure..

I ended up staying up late messing with this, so now it is bed time...

Talk to you all tomorrow,
Chuck


Top
 Profile  
 
 Post subject:
PostPosted: Sun Oct 05, 2008 4:58 am 
Offline

Joined: Tue Apr 29, 2008 6:10 am
Posts: 231
Chuck, There is also a Webplugin for accessing the server
It will enable you to login from any pc without the client installed

http://www.nomachine.com/documents/plugin/install.html

Download from here:
http://64.34.161.181/download/3.2.0/Lin ... 3_i386.deb

Quote from website
---------------------------
install it using the dpkg utility:
# sudo dpkg -i nxplugin_X.Y.Z-W_i386.deb
The Web Companion will be installed in the /usr/NX/share/plugin directory.
To make it accessible via Web, please copy the plugin directory in the proper public directory of your Web server, e.g.:
# sudo cp -a /usr/NX/share/plugin /usr/local/apache/htdocs/
---------------------------
The last dir needs to be changed to reflect the correct path for wifigator, perhaps its nice to include this in the admin pages itself

Greetings
Steven


Top
 Profile  
 
 Post subject:
PostPosted: Sun Oct 05, 2008 11:09 am 
Offline
Site Admin
User avatar

Joined: Fri Mar 17, 2006 4:52 pm
Posts: 4413
Location: Bend, Oregon
Steven.. Now I got up this morning and have been messing with the web based remote desktop program here, but so far I cannot get it to run... But from what I can tell, all it does is offer the client machine to download the java app to run the desktop anyway, which would be kind of smooth, but not completely necessary..

Just having the windows client program as a download link in the wifigator control panel is sufficient to get the job done.. People can just install it along with putty and winscp during the setup process..

I already rolled this into the companion DVD, just as I finally got a new remaster built and posted last night.. It is version 3.0.2 and it is posted now for those who want it.. That 3.0.2 companion DVD does not have this cool feature yet though, so I will sit right back down and remaster both of them and get it out to everybody..

The more advanced users in here who can navigate their machine and install deb packages can do this right this minute though.. It is a no brainer installation.. You literally copy and paste those instructions into the command line and it will install without a hitch.. The enchilada DVD already has all of the dependencies needed..

I got Loren on the phone this morning first thing and got him logged into the new remote desktop of our slice VPS template and he was stoked, of course..

Not that this really does anything for the enchilada program itself, but it is a revolutionary addition to our system overall.. I could go on and on about all of the clever things we can do with this..

WE DON'T CALL THIS "THE WHOLE DEBIAN ENCHILADA" FOR NOTHING!!!

Thanks to you super smart people... This demonstrates the power of our collaborative thinking.. 8)

It will take several days now to roll all of this back up and again and remaster everything again and probably roll the new features in, etc... and get this widely distributed, but it is on the way..

Very cool function here.. I am totally impressed... The performance of it is like you are sitting right at the machine.. No delay at all..

Thanks again and there will definitely be more discussion to come on this one..

Chuck


Top
 Profile  
 
 Post subject:
PostPosted: Sun Oct 05, 2008 12:06 pm 
Offline
Site Admin
User avatar

Joined: Fri Mar 17, 2006 4:52 pm
Posts: 4413
Location: Bend, Oregon
Still googling on this web plugin method of doing this.. I can see that I need to get Loren on this next part, because it is a whole bunch of web stuff that is his expertise, not mine.. I have the linux framework of it going, but I need him to interface with me on this one to create the sessions and all of that part..

The way it works now with downloading a small client program for windows or having it already installed in the companion DVD is pretty much all we need..

I am still blown away by how well it works..

REMOTE DESKTOP ON OUR SLICE MACHINES... SWEEEEEET!!!!

I don't know of any other hosting service that gives you the full machine, including the desktop... Unreal..

Chuck


Top
 Profile  
 
 Post subject:
PostPosted: Mon Oct 13, 2008 9:23 pm 
Offline
User avatar

Joined: Wed Jun 04, 2008 2:15 am
Posts: 149
Location: CO
Chuck, is this currently set up on our slices? If so, how do we access it?

_________________
KE5TVB
my '61 falcon


Top
 Profile  
 
 Post subject:
PostPosted: Tue Oct 14, 2008 6:20 am 
Offline
User avatar

Joined: Thu Feb 28, 2008 8:33 am
Posts: 858
Location: Odessa TX
no its not there yet. you can install it with the downloads that chuck links to.

_________________
Steve

Yes, I'm a PC and I run great on LINUX.


Top
 Profile  
 
 Post subject:
PostPosted: Tue Oct 14, 2008 12:34 pm 
Offline
Site Admin
User avatar

Joined: Fri Mar 17, 2006 4:52 pm
Posts: 4413
Location: Bend, Oregon
Thanks steve.. Yeah, balaso, this is a big installation to add to your existing slice machine, so when you are at a point where you want me to upgrade you slice, I will do so..

This works right now by installing the software directly on your own machines with the links I post above, but the slices have to have KDE installed on them, which I have done, but it involves installing over 500 packages onto the slice machines, so it is not something I think you want to mess with yourself in this case..

If you want me to reinstall your slice with this desktop on it then just backup your data and let me know when you are ready and I will put the new slice template on there and you will be good to go..

Chuck


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 23 posts ]  Go to page 1, 2  Next

All times are UTC - 8 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  
cron
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group