• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 312
  • Last Modified:

help SSH PPP

RedHat 7.1

I am trying to connect to a server using SSH from a dial-up connection. The server needs my address.

DHCP gives me a different address every time.

I tried adding an address to PPP (multihosting) but it didn't work.

If I dial-up, then give the server my DHCP address it works. Of course this takes time and I have to make an unsecured login to do it.

Maybe I could set it up to route to PPP somehow using my home network? (USING MY NETWORK CARD IP AS MY ADDRESS) If I had to configure my computer with the address that DHCP gave me each time I could do that.

I wouldn't know how though.
Any ideas welcome. I can't be the only person to ever have this problem.


0
Ted22
Asked:
Ted22
  • 7
  • 6
  • 3
  • +1
1 Solution
 
garisoainCommented:
have you tried DNS2go? this way you can get a fixed hostname routed to your IP-Address every time you got a new one....

http://www.dns2go.com

if your server asks for the hostname, it will always get your current IP address...

=/ hope this helps.
-garisoain
0
 
Ted22Author Commented:
DNS2go looks like it's more for accessing your home computer from the internet with a name. I don't think it can be used for connecting to a server from home when your address is required on the server. I'm going to check into this.
0
 
garisoainCommented:
Yes, that's the main Idea of DNS2Go, but i think their "fixed" hostname feature can help you with your problem...

0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
pheurCommented:
If you want to say that you need a fixed IP address to be granted shell access via SSH, well it depends on your provider; and providers usually (read "almost never") don't give static IPs for dial-up accounts (many idiotic providers FORCE dynamic IPs even on permanent connections such as DSL/Cable - classical example is Wanadoo/FranceTelecom).

There is a possibility that you add an additional IP to your PPP interface (you certainly can under Linux), but the problem is that you cannot receive IP traffic on that address (you can send but the return traffic doesn't get to you).

In the "Good Old Times" it was possible to force the IP to the access server by setting that IP in the connection config. Of course, it had to be an IP belonging to the dial-up pool you were connecting to. That times are gone, both software and hardware changed.

For me it looks quite stupid to limit access to ssh service based on IP beacuse there are better ways to do that, because ssh is one of the few (if not the only) secure services and denial of service is NOT security.

If you will explain better the situation someone could find a particular solution for you

----
Radu-Adrian Feurdean
Brainbench Linux MVP
www.brainbench.com
0
 
pheurCommented:
Ah, forgot to mention, you're not the only one having that problem. Lots of people had this problem (including me :). Some of them still have the problem......
0
 
garisoainCommented:
pheur> Hey There!!!

One common sugestion on EE is:

"Never propose an answer unless you're 120% sure it will solve the problem"

This is because when we propose answers, the question becomes blocked, and the rest of the experts can't see it on the "Awaiting Answer" list, instead, we all experts are encouraged  to post comments (that can be accepted as answers), so more experts can post their comments and opinion, so the question is better answered.

Greetings!
-garisoain

0
 
Ted22Author Commented:
The server uses the rsa key and my ip address to verify it's me when I use SSH to connect.
I cannot change that.
My isp uses DHCP.
I cannot change that.

I already tried adding an address to my ppp interface.
(via the original question)

I was wondering if I could route through my ppp connection with a static address. I don't know if this is possible, I could enter the ppp address every time I connect.

I don't understand this proposed answer.
0
 
garisoainCommented:
mmmm... MAYBE you can set up an encrypted tunnel... and set "local" ip-addresses to both computers, so the server would see your box routed directly, like on a LAN (with a local IP address)... but probably this needs that the server knows your dynamic IP-Address first... =(

mmm... right now I got no access to my Linux box, so I'll confirm this tonight...
-garisoain

PS. how did the DNS2Go-way worked?
0
 
Ted22Author Commented:
Still looking at it.
0
 
The--CaptainCommented:
garisoain has got the correct answer.  Just set up a tunnel between the two, and *bingo* - there's your static address (your IP on your end of the tunnel).  There are definitely tunnelling products that work even if one end is dynamically addressed (PopToP comes to mind, but I'm guessing there are others as well).  

Of course, you could always just re-noegotiate your key every time your IP changes (yeah, yeah, I know this would be potentially vulnerable to man-in-the-middle) - I thought it was worth mentioning.

I don't think DNS2Go will be much more secure than re-negotiating your key.  If I managed to snag your key, all I would have to do is hack DNS and pretend I'm you (not that I'm saying I actually possess the talents to do this).

-Jon


0
 
Ted22Author Commented:
Still looking at it.
0
 
Ted22Author Commented:
What I will need is a little insight into how to set up a tunnel.
0
 
The--CaptainCommented:
That depends - what OS are you using on the client side?

-Jon

0
 
Ted22Author Commented:
RedHat7.1 on client side
0
 
Ted22Author Commented:
RedHat7.1 on client side
0
 
garisoainCommented:
Server side???
0
 
garisoainCommented:
Yep... an encrypted tunnel (VPN) seems to be the choice here, PopToP is a good Server-side option, and from your RedHat Linux Client, you'll got no problem to establish your secure connection here... so, once if once you're tunneled, you start a ssh session, it will be DOUBLE encrypted, if you don't need that, you can manage all your connections thru the tunnel, since it's Secure...

You can find PopToP (PPTP Server for Windows & Linux) on:
http://poptop.lineo.com/

and the PPTP-Linux (PPTP client) on:
http://www.scooter.cx/alpha/pptp.html

(you could find more Linux-software on www.freshmeat.net)

and just to know a little more, you can read the Advanced-Routing-HOWTO:
http://www.linuxdoc.org/HOWTO/Adv-Routing-HOWTO.html

hope this helps...
-garisoain
0
 
The--CaptainCommented:
garisoain - Thanks.  That should get him where he wants to go - you get my vote for points on this one.

-Jon

0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 7
  • 6
  • 3
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now