
11. Remote access and remote administration

This is a tricky chapter: we want to build a secure server, and on a secure server remote access is something we don't want. On the other hand, remote administration of your server can be very handy.

11.1 Telnet


This is probably the most widely used method of accessing a remote system. Telnet is a terminal emulator across a network connection. The benefit of telnet is its widespread use and thus support; the downside is security.

To gain some security with telnet, telnet is started from inetd (in.telnetd). However, the entire telnet login session is sent as plain ASCII, so usernames and passwords travel across the network in human-readable form. This is not secure. So the advice is: don't use telnet. For remote access, use SSH.


Comment out the line in /etc/inetd.conf that starts in.telnetd, and check /etc/hosts.allow to make sure that in.telnetd can't be used.

11.2 SSH


SSH stands for Secure SHell. What makes SSH special is its use of encryption: everything that SSH sends over the network is encrypted first, so usernames and passwords cannot be sniffed.


apt-get install ssh


in /etc/ssh/:


This file describes the configuration of the SSH client. Make sure it only uses protocol 2 for connections:

Protocol 2


This is the server-side configuration file. Important parameters in this file are AllowHosts, DenyHosts and AllowUsers. The strongest security is offered by:

AllowUsers user@host.domein
Protocol 2
PermitRootLogin no






Is the private part of the host key. This one is generated by ssh-keygen.

The public part of the host_key file. This file can be used in the known_hosts file.


The seed file for the random number generator.


In /etc/hosts.allow add this line and replace the IP-address with the IP-address from which you want to connect:

sshd: <em>

11.3 Access from Windows(tm)

For access from Windows systems use putty2.exe.

11.4 Tests

SSH to a server to make sure you can get out, and SSH back in to see if it works.
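
The settings from 11.1 and 11.2 can also be checked without logging in. The script below is an added example, not part of the original HOWTO: its function names and the --audit switch are hypothetical, and /etc/ssh/sshd_config is assumed to be the server configuration file, a name this chapter does not spell out.

```shell
#!/bin/sh
# Added example: audit the telnet and sshd settings recommended in this chapter.

# telnet_disabled FILE...: fail if any uncommented line still names in.telnetd
# (covers both /etc/inetd.conf and /etc/hosts.allow).
telnet_disabled() {
    for f in "$@"; do
        [ -r "$f" ] || continue            # a missing file cannot enable telnet
        if grep -v '^[[:space:]]*#' "$f" | grep -q 'in\.telnetd'; then
            echo "FAIL: in.telnetd is active in $f"
            return 1
        fi
    done
    return 0
}

# sshd_value FILE KEYWORD: print the first uncommented value of KEYWORD.
# Keywords are matched case-insensitively; only the first occurrence is read.
sshd_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) {
            $1 = ""; sub(/^[ \t]+/, ""); sub(/[ \t]+$/, ""); print; exit
        }' "$1"
}

# audit_sshd FILE: report every setting that differs from the chapter's advice.
audit_sshd() {
    rc=0
    [ "$(sshd_value "$1" Protocol)" = "2" ] ||
        { echo "FAIL: Protocol is not exactly 2"; rc=1; }
    [ "$(sshd_value "$1" PermitRootLogin)" = "no" ] ||
        { echo "FAIL: PermitRootLogin is not no"; rc=1; }
    [ -n "$(sshd_value "$1" AllowUsers)" ] ||
        { echo "FAIL: no AllowUsers restriction"; rc=1; }
    return $rc
}

# Run against the live files only when asked to (hypothetical switch).
if [ "${1:-}" = "--audit" ]; then
    status=0
    telnet_disabled /etc/inetd.conf /etc/hosts.allow || status=1
    audit_sshd /etc/ssh/sshd_config || status=1
    [ "$status" -eq 0 ] && echo "OK: settings match the chapter"
    exit "$status"
fi
```

A line that has only been commented out, such as one prefixed with #, counts as disabled.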
