Ted22
asked on
help SSH PPP
RedHat 7.1
I am trying to connect to a server using SSH from a dial-up connection. The server needs my address.
DHCP gives me a different address every time.
I tried adding an address to PPP (multihosting) but it didn't work.
If I dial-up, then give the server my DHCP address it works. Of course this takes time and I have to make an unsecured login to do it.
Maybe I could set it up to route to PPP somehow using my home network? (USING MY NETWORK CARD IP AS MY ADDRESS) If I had to configure my computer with the address that DHCP gave me each time I could do that.
I wouldn't know how though.
Any ideas welcome. I can't be the only person to ever have this problem.
I am trying to connect to a server using SSH from a dial-up connection. The server needs my address.
DHCP gives me a different address every time.
I tried adding an address to PPP (multihosting) but it didn't work.
If I dial-up, then give the server my DHCP address it works. Of course this takes time and I have to make an unsecured login to do it.
Maybe I could set it up to route to PPP somehow using my home network? (USING MY NETWORK CARD IP AS MY ADDRESS) If I had to configure my computer with the address that DHCP gave me each time I could do that.
I wouldn't know how though.
Any ideas welcome. I can't be the only person to ever have this problem.
ASKER
DNS2go looks like it's more for accessing your home computer from the internet with a name. I don't think it can be used for connecting to a server from home when your address is required on the server. I'm going to check into this.
Yes, that's the main Idea of DNS2Go, but i think their "fixed" hostname feature can help you with your problem...
If you want to say that you need a fixed IP address to be granted shell access via SSH, well it depends on your provider; and providers usually (read "almost never") don't give static IPs for dial-up accounts (many idiotic providers FORCE dynamic IPs even on permanent connections such as DSL/Cable - classical example is Wanadoo/FranceTelecom).
There is a possibility that you add an additional IP to your PPP interface (you certainly can under Linux), but the problem is that you cannot receive IP traffic on that address (you can send but the return traffic doesn't get to you).
In the "Good Old Times" it was possible to force the IP to the access server by setting that IP in the connection config. Of course, it had to be an IP belonging to the dial-up pool you were connecting to. That times are gone, both software and hardware changed.
For me it looks quite stupid to limit access to ssh service based on IP beacuse there are better ways to do that, because ssh is one of the few (if not the only) secure services and denial of service is NOT security.
If you will explain better the situation someone could find a particular solution for you
----
Radu-Adrian Feurdean
Brainbench Linux MVP
www.brainbench.com
There is a possibility that you add an additional IP to your PPP interface (you certainly can under Linux), but the problem is that you cannot receive IP traffic on that address (you can send but the return traffic doesn't get to you).
In the "Good Old Times" it was possible to force the IP to the access server by setting that IP in the connection config. Of course, it had to be an IP belonging to the dial-up pool you were connecting to. That times are gone, both software and hardware changed.
For me it looks quite stupid to limit access to ssh service based on IP beacuse there are better ways to do that, because ssh is one of the few (if not the only) secure services and denial of service is NOT security.
If you will explain better the situation someone could find a particular solution for you
----
Radu-Adrian Feurdean
Brainbench Linux MVP
www.brainbench.com
Ah, forgot to mention, you're not the only one having that problem. Lots of people had this problem (including me :). Some of them still have the problem......
pheur> Hey There!!!
One common sugestion on EE is:
"Never propose an answer unless you're 120% sure it will solve the problem"
This is because when we propose answers, the question becomes blocked, and the rest of the experts can't see it on the "Awaiting Answer" list, instead, we all experts are encouraged to post comments (that can be accepted as answers), so more experts can post their comments and opinion, so the question is better answered.
Greetings!
-garisoain
One common sugestion on EE is:
"Never propose an answer unless you're 120% sure it will solve the problem"
This is because when we propose answers, the question becomes blocked, and the rest of the experts can't see it on the "Awaiting Answer" list, instead, we all experts are encouraged to post comments (that can be accepted as answers), so more experts can post their comments and opinion, so the question is better answered.
Greetings!
-garisoain
ASKER
The server uses the rsa key and my ip address to verify it's me when I use SSH to connect.
I cannot change that.
My isp uses DHCP.
I cannot change that.
I already tried adding an address to my ppp interface.
(via the original question)
I was wondering if I could route through my ppp connection with a static address. I don't know if this is possible, I could enter the ppp address every time I connect.
I don't understand this proposed answer.
I cannot change that.
My isp uses DHCP.
I cannot change that.
I already tried adding an address to my ppp interface.
(via the original question)
I was wondering if I could route through my ppp connection with a static address. I don't know if this is possible, I could enter the ppp address every time I connect.
I don't understand this proposed answer.
mmmm... MAYBE you can set up an encrypted tunnel... and set "local" ip-addresses to both computers, so the server would see your box routed directly, like on a LAN (with a local IP address)... but probably this needs that the server knows your dynamic IP-Address first... =(
mmm... right now I got no access to my Linux box, so I'll confirm this tonight...
-garisoain
PS. how did the DNS2Go-way worked?
mmm... right now I got no access to my Linux box, so I'll confirm this tonight...
-garisoain
PS. how did the DNS2Go-way worked?
ASKER
Still looking at it.
garisoain has got the correct answer. Just set up a tunnel between the two, and *bingo* - there's your static address (your IP on your end of the tunnel). There are definitely tunnelling products that work even if one end is dynamically addressed (PopToP comes to mind, but I'm guessing there are others as well).
Of course, you could always just re-noegotiate your key every time your IP changes (yeah, yeah, I know this would be potentially vulnerable to man-in-the-middle) - I thought it was worth mentioning.
I don't think DNS2Go will be much more secure than re-negotiating your key. If I managed to snag your key, all I would have to do is hack DNS and pretend I'm you (not that I'm saying I actually possess the talents to do this).
-Jon
Of course, you could always just re-noegotiate your key every time your IP changes (yeah, yeah, I know this would be potentially vulnerable to man-in-the-middle) - I thought it was worth mentioning.
I don't think DNS2Go will be much more secure than re-negotiating your key. If I managed to snag your key, all I would have to do is hack DNS and pretend I'm you (not that I'm saying I actually possess the talents to do this).
-Jon
ASKER
Still looking at it.
ASKER
What I will need is a little insight into how to set up a tunnel.
That depends - what OS are you using on the client side?
-Jon
-Jon
ASKER
RedHat7.1 on client side
ASKER
RedHat7.1 on client side
Server side???
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
garisoain - Thanks. That should get him where he wants to go - you get my vote for points on this one.
-Jon
-Jon
http://www.dns2go.com
if your server asks for the hostname, it will always get your current IP address...
=/ hope this helps.
-garisoain