It’s been a while since I last wrote about ssh, one of my favorite applications.
SSH is extremely versatile, and although the use of tunnels is a well-known feature of ssh, the reverse tunnel is not.
First, where can you use a reverse tunnel? Imagine that you need to service a server/desktop that is behind a firewall, and the only communication available must be started from the host behind the firewall.
Look at the diagram below:
Now you are sitting on PC B and your mother-in-law is sitting on PC A (familiar story?? And yes, my mother-in-law uses Linux). I don’t have direct access to her laptop (PC A), but I still need to install Skype for her so she can talk to the family.
First on PC B I create a dummy user for the connection:
useradd -m motherinlaw
Then tell someone on PC A to do the following (or create your own script to do it automatically; I’m also assuming that both PCs have sshd running):
ssh motherinlaw@PC-IP-B -R 2000:localhost:22
Let me explain it: -R sets up a remote (reverse) tunnel, 2000 is the port to be opened on the remote computer (PC B), and 22 is the port on the local computer (PC A) that the connection is forwarded to.
So after a successful ssh login from PC A to PC B (you may check it, for instance, with who), you will be able to log in to PC A from PC B by issuing:
ssh root@localhost -p2000
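Added example (not part of the original post): a hardened form of the same tunnel for the script on PC A, plus an sshd_config block for PC B that limits the dummy account to this single forward. PC-IP-B, motherinlaw and port 2000 come from the commands above; the 127.0.0.1 bind address, the option values and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not the author's script. Function names are hypothetical.

# Print the ssh arguments PC A should use.
# $1 = listen port on PC B, $2 = user@host of PC B.
tunnel_args() {
    port=$1 dest=$2
    # Reject anything that is not an unprivileged TCP port number.
    case $port in ''|*[!0-9]*) return 1 ;; esac
    [ "$port" -ge 1024 ] && [ "$port" -le 65535 ] || return 1
    # -N: no remote shell, the session only carries the forward.
    # 127.0.0.1 bind: the listener on PC B is reachable only from PC B.
    # ExitOnForwardFailure: fail instead of staying connected with no tunnel.
    # ServerAlive*: drop dead connections so a wrapper can reconnect.
    printf '%s ' -N -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
        -R "127.0.0.1:${port}:localhost:22"
    printf '%s\n' "$dest"
}

# Print an sshd_config block for PC B: the dummy account may open
# exactly one loopback listener and gets no shell, TTY or agent.
sshd_match_block() {
    user=$1 port=$2
    cat <<EOF
Match User ${user}
    AllowTcpForwarding remote
    PermitListen 127.0.0.1:${port}
    GatewayPorts no
    PermitTTY no
    X11Forwarding no
    AllowAgentForwarding no
    ForceCommand /bin/false
EOF
}

# Connect only when asked to, so the functions can be sourced and inspected.
if [ "${1:-}" = "--connect" ]; then
    # Word splitting of the argument list is intended here.
    exec ssh $(tunnel_args 2000 motherinlaw@PC-IP-B)
fi
```

The output of sshd_match_block belongs at the end of sshd_config on PC B. PermitListen matches the requested bind address literally, which is why the client side asks for 127.0.0.1 rather than leaving the address out.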
Hope this helped someone out there.
Lots of people ask me what’s the best Linux distro: some ask what’s the best for a newbie, others want to set up a home server, and some others want to build a gatekeeper. So what’s the best distro to accomplish all this?
To be sincere, I like OpenSuSE a lot and I use it for all my personal things and my work laptops, but I wouldn’t recommend it for server usage. For that matter, I don’t recommend any of the desktop distros (aka distributions) for servers, due to a simple issue: desktop distros like OpenSuSE, Fedora, Ubuntu, etc. have a short support cycle. This means that if you want to have security upgrades you’ll need to be constantly updating your server install.
For usage in a server environment I like to use SLES, RedHat and CentOS. The support cycle is great (at least 5 years), the stability and endurance of the OS is great in any of them.
Once again I prefer SLES, due to the great tools and support they provide. However, I can’t say the same about RedHat support: whenever I needed them I had to find the solution on my own.
These are the two main scopes of Linux distros out there, the desktop and the server, but they aren’t the only scopes where you have Linux. For instance, if you want to have a firewall, proxy, content filter, QoS, and traffic shaping, I would recommend the excellent Endian FW (www.endian.it).
If you want to have your Linksys/Asus and other routers working with Linux, you may use dd-wrt. Would you like to use an older computer as a media center? Look at GeeXboX. For a hacker distribution to test your systems’ security, just download BackTrack. The list can continue, and you will be able to find a distribution suited to your needs. Some may need just a live CD or DVD system, others a complete server suite like SME server (which will give you the same offer as Windows Small Business).
To conclude I don’t think there’s a better distro, there are differences and those differences make some people like one distro over the other.
Personally I like OpenSuSE and SLES.
As a part of my work I have to design and plan Hardware, Systems and Software deployment, and as many of you guys know sometimes it’s not that easy. Dimensioning hardware for specific roles can be a pain, sometimes you don’t even have the software as it’s being “produced” by the development team and still you have to tell how many machines, routers, switches and all the small things the project will take.
But some other projects aren’t this difficult and you don’t need such an amount of flexibility to do them. You don’t need a custom-built firewall cluster, you don’t need a web server or database cluster, you just need a simple, reliable, out-of-the-box setup that makes things work in the smallest amount of time.
When you need something like this, many sysadmins have an excellent way to do things in a tested and production-proof way (especially if they are open-minded about using open source):
The Software Appliances
The appliances are really helpful, but before you start using them you need to know a few things, so let’s start with the bad:
- Lack of flexibility
- Hardware choices are often hard due to the lack of drivers/modules available
The lack of flexibility is probably the biggest problem with appliances. Usually they aren’t inflexible, but to master the appliance you’ll have to put a big effort into the manuals. This shouldn’t be a problem if you stick to a few appliances, but if you use a lot of them then you’ll probably take more time to master them than to study the OS and all the applications you need (apache, samba, iptables, and so on). About hardware choices: appliances are suited to run on most hardware out there (after all they use a Linux kernel, at least most of them do), but if you run cutting-edge hardware you may find it hard to make it work with your appliance, especially if your appliance version is more than 6 months to 1 year old.
Let’s go to the good now:
- Easy installation.
- Fewer skills required.
- Dedicated support, sometimes paid, usually free from the community.
- Performance boost (in the cases where the appliance comes with its own hardware).
So in conclusion, appliances can be a great help, but they need extensive planning and testing before going to a production environment. Think not only about the present needs of your client but also about the future and expected ones. Below I’m going to write about my favorite software appliances and what they are for.
- dd-wrt – This is a great appliance for a bunch of Linksys, Asus, and other brands of routers, access points, home gateways, etc.
- Endian FW – Probably the appliance I use the most. Do you need a firewall with a proxy server with content filtering? Do you need a VPN server or an antivirus scanner for your internet connection? Try this one.
- SME server – Do you need a Windows domain server, an SMTP server, a POP server? Do you need to set up a small office in 2 hours? Choose SME server.
There are a lot of other appliances I’ve used since I started working; below are a few honorable mentions:
- GeeXboX – For multimedia content displaying
- IPCop – Similar to Endian (but Endian has more features)
I’m done with appliances today, but you may wonder… what about the ugly? Well, I didn’t find any that goes in this category, but the word goes well in the title 🙂 .