Solved

help SSH PPP

Posted on 2001-07-26
Last Modified: 2010-03-18
RedHat 7.1

I am trying to connect to a server using SSH from a dial-up connection. The server needs my address.

DHCP gives me a different address every time.

I tried adding an address to PPP (multihosting) but it didn't work.

If I dial-up, then give the server my DHCP address it works. Of course this takes time and I have to make an unsecured login to do it.

Maybe I could set it up to route to PPP somehow using my home network? (USING MY NETWORK CARD IP AS MY ADDRESS) If I had to configure my computer with the address that DHCP gave me each time I could do that.

I wouldn't know how though.
Any ideas welcome. I can't be the only person to ever have this problem.


Question by:Ted22
18 Comments
 
LVL 4

Expert Comment

by:garisoain
ID: 6323727
Have you tried DNS2go? This way you can get a fixed hostname routed to your IP address every time you get a new one...

http://www.dns2go.com

If your server asks for the hostname, it will always get your current IP address...

=/ hope this helps.
-garisoain
0
 
LVL 1

Author Comment

by:Ted22
ID: 6324070
DNS2go looks like it's more for accessing your home computer from the internet with a name. I don't think it can be used for connecting to a server from home when your address is required on the server. I'm going to check into this.
0
 
LVL 4

Expert Comment

by:garisoain
ID: 6324131
Yes, that's the main idea of DNS2Go, but I think their "fixed" hostname feature can help you with your problem...

0
 
LVL 2

Expert Comment

by:pheur
ID: 6324235
If you want to say that you need a fixed IP address to be granted shell access via SSH, well it depends on your provider; and providers usually (read "almost never") don't give static IPs for dial-up accounts (many idiotic providers FORCE dynamic IPs even on permanent connections such as DSL/Cable - classical example is Wanadoo/FranceTelecom).

There is a possibility that you add an additional IP to your PPP interface (you certainly can under Linux), but the problem is that you cannot receive IP traffic on that address (you can send but the return traffic doesn't get to you).

In the "Good Old Times" it was possible to force the IP to the access server by setting that IP in the connection config. Of course, it had to be an IP belonging to the dial-up pool you were connecting to. Those times are gone; both software and hardware have changed.

For me it looks quite stupid to limit access to ssh service based on IP because there are better ways to do that, because ssh is one of the few (if not the only) secure services and denial of service is NOT security.

If you explain the situation better, someone could find a particular solution for you.

----
Radu-Adrian Feurdean
Brainbench Linux MVP
www.brainbench.com
0
 
LVL 2

Expert Comment

by:pheur
ID: 6324245
Ah, forgot to mention, you're not the only one having that problem. Lots of people had this problem (including me :). Some of them still have the problem......
0
 
LVL 4

Expert Comment

by:garisoain
ID: 6324555
pheur> Hey There!!!

One common suggestion on EE is:

"Never propose an answer unless you're 120% sure it will solve the problem"

This is because when we propose answers, the question becomes blocked, and the rest of the experts can't see it on the "Awaiting Answer" list. Instead, all of us experts are encouraged to post comments (that can be accepted as answers), so more experts can post their comments and opinions, and the question is better answered.

Greetings!
-garisoain

0
 
LVL 1

Author Comment

by:Ted22
ID: 6324612
The server uses the RSA key and my IP address to verify it's me when I use SSH to connect.
I cannot change that.
My ISP uses DHCP.
I cannot change that.

I already tried adding an address to my ppp interface.
(via the original question)

I was wondering if I could route through my ppp connection with a static address. I don't know if this is possible, I could enter the ppp address every time I connect.

I don't understand this proposed answer.
0
 
LVL 4

Expert Comment

by:garisoain
ID: 6324715
mmmm... MAYBE you can set up an encrypted tunnel... and set "local" IP addresses on both computers, so the server would see your box routed directly, like on a LAN (with a local IP address)... but this probably requires the server to know your dynamic IP address first... =(

mmm... right now I got no access to my Linux box, so I'll confirm this tonight...
-garisoain

PS. How did the DNS2Go way work?
0
 
LVL 1

Author Comment

by:Ted22
ID: 6324734
Still looking at it.
0
 
LVL 16

Expert Comment

by:The--Captain
ID: 6324818
garisoain has got the correct answer.  Just set up a tunnel between the two, and *bingo* - there's your static address (your IP on your end of the tunnel).  There are definitely tunnelling products that work even if one end is dynamically addressed (PopToP comes to mind, but I'm guessing there are others as well).  

Of course, you could always just re-negotiate your key every time your IP changes (yeah, yeah, I know this would be potentially vulnerable to man-in-the-middle) - I thought it was worth mentioning.

I don't think DNS2Go will be much more secure than re-negotiating your key.  If I managed to snag your key, all I would have to do is hack DNS and pretend I'm you (not that I'm saying I actually possess the talents to do this).

-Jon


0
 
LVL 1

Author Comment

by:Ted22
ID: 6324866
Still looking at it.
0
 
LVL 1

Author Comment

by:Ted22
ID: 6324878
What I will need is a little insight into how to set up a tunnel.
0
 
LVL 16

Expert Comment

by:The--Captain
ID: 6324906
That depends - what OS are you using on the client side?

-Jon

0
 
LVL 1

Author Comment

by:Ted22
ID: 6325216
RedHat7.1 on client side
0
 
LVL 1

Author Comment

by:Ted22
ID: 6325218
RedHat7.1 on client side
0
 
LVL 4

Expert Comment

by:garisoain
ID: 6325440
Server side???
0
 
LVL 4

Accepted Solution

by:
garisoain earned 150 total points
ID: 6325536
Yep... an encrypted tunnel (VPN) seems to be the choice here. PopToP is a good server-side option, and from your RedHat Linux client you'll have no problem establishing your secure connection here... so, once you're tunneled, if you start an SSH session, it will be DOUBLE encrypted; if you don't need that, you can manage all your connections through the tunnel, since it's secure...

You can find PopToP (PPTP Server for Windows & Linux) on:
http://poptop.lineo.com/

and the PPTP-Linux (PPTP client) on:
http://www.scooter.cx/alpha/pptp.html

(you could find more Linux-software on www.freshmeat.net)

and just to know a little more, you can read the Advanced-Routing-HOWTO:
http://www.linuxdoc.org/HOWTO/Adv-Routing-HOWTO.html

hope this helps...
-garisoain
0
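An added illustration of the accepted answer, not part of the original thread or of the PopToP documentation: give the client a fixed address inside the tunnel on the server side, then tie the SSH key to that address instead of the dial-up one. The 10.99.0.x addresses, the user name and the placeholders are constructed; it assumes the stock pptpd/pppd file layout, a pppd `name` of `pptpd`, and that the server's address check is an `authorized_keys` `from=` option.

```conf
# --- /etc/pptpd.conf (server) ---
# Address the server uses on its own end of every tunnel (constructed value).
localip 10.99.0.1
# Pool for tunnel clients that have no fixed address in chap-secrets.
remoteip 10.99.0.100-120

# --- /etc/ppp/chap-secrets (server, readable by root only) ---
# client   server   secret               allowed IP addresses
# The second column must match the "name" set in the pppd options file
# that pptpd uses (assumed to be "pptpd" here).
# A single address in the fourth column pins this client to it, so the
# tunnel address stays the same whatever the ISP's DHCP hands out.
ted22      pptpd    "<tunnel-password>"  10.99.0.2

# --- ~/.ssh/authorized_keys (server, the account being logged in to) ---
# Accept this key only when the connection arrives from the tunnel address.
from="10.99.0.2" <key-type> <public-key> ted22@home
```

With the tunnel up, the client runs ssh against `10.99.0.1` rather than the server's public address, so sshd sees the connection coming from `10.99.0.2`.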
 
LVL 16

Expert Comment

by:The--Captain
ID: 6325917
garisoain - Thanks.  That should get him where he wants to go - you get my vote for points on this one.

-Jon

0
