I've got a server I want to connect to remotely w/ my laptop. Any advice?

[Mega2]

I have a fairly large server at my house that runs CentOS 7. As it has most of my work software, I want to be able to directly access the terminal from my laptop (running Win10) while I'm at school.

What are some good, free programs that might work for my needs?

Note: the server will be left idling while I'm at school

[charlie_root]

I would run ssh on the server and enable port forwarding in the gateway to forward port 22 to port 22 on the server's RFC1918 address.

[Applefreak]

3 minutes ago, Mega2 said:

I have a fairly large server at my house that runs CentOS 7. As it has most of my work software, I want to be able to directly access the terminal from my laptop (running Win10) while I'm at school.

What are some good, free programs that might work for my needs?

Note: the server will be left idling while I'm at school

I use Putty and SSH protocol to connect to my server. Having a home server connected to the outside comes with it's own risks as well as benefits. Something you have to decide for yourself. If you have a static IP, that's fairly easy. If not, you will need a host in between that updates your home IP with a fixed IP. This adds another layer of risk, as those services get breached from time to time. Of course you could setup something like that yourself but you will need a server with a static ip outside your home where your home server can connect to and you while at school. You can use DynDNS for that for example.

[Mega2]

1 hour ago, charlie_root said:

I would run ssh on the server and enable port forwarding in the gateway to forward port 22 to port 22 on the server's RFC1918 address.

Thanks for the advice. I'm pretty new to using remote access tech but was recently recommended not to use port 22. Is there a reason why I should be using port 22?

[Mega2]

1 hour ago, Applefreak said:

I use Putty and SSH protocol to connect to my server. Having a home server connected to the outside comes with it's own risks as well as benefits. Something you have to decide for yourself. If you have a static IP, that's fairly easy. If not, you will need a host in between that updates your home IP with a fixed IP. This adds another layer of risk, as those services get breached from time to time. Of course you could setup something like that yourself but you will need a server with a static ip outside your home where your home server can connect to and you while at school. You can use DynDNS for that for example.

Thanks for the advice. Is there a way for me to update my server IP once every given interval? I say this because I work with some fairly regulated gov't software. Nuclear stuff.

[charlie_root]

4 hours ago, Mega2 said:

Thanks for the advice. I'm pretty new to using remote access tech but was recently recommended not to use port 22. Is there a reason why I should be using port 22?

There are bots that scan the internet looking for devices with port 22 open and attempt to brute force SSH logins. If you have a long and complex password or have disabled password authentication and are using public key authentication only, this is not of huge concern. Some people set SSH to listen on a non-standard port so that these automated attacks don't occur. The security benefit here is just that automatic dumb attacks won't hit your server. Anyone who does a port scan will see the port open and can quickly figure out that it's running SSH. But it keeps your logs clean of failed login attempts from bots so that if you see failed attempts, you know that a more sophisticated attacker is targeting you.

 

You can change the port by editing /etc/ssh/sshd_config

Find the line that says "#Port 22", remove the "#", and change the port number to whatever you wish. Restart ssh and make sure any firewall rules on the machine and your port forwarding on the gateway match the new port.

[Mega2]

5 minutes ago, charlie_root said:

There are bots that scan the internet looking for devices with port 22 open and attempt to brute force SSH logins. If you have a long and complex password or have disabled password authentication and are using public key authentication only, this is not of huge concern. Some people set SSH to listen on a non-standard port so that these automated attacks don't occur. The security benefit here is just that automatic dumb attacks won't hit your server. Anyone who does a port scan will see the port open and can quickly figure out that it's running SSH. But it keeps your logs clean of failed login attempts from bots so that if you see failed attempts, you know that a more sophisticated attacker is targeting you.

 

You can change the port by editing /etc/ssh/sshd_config

Find the line that says "#Port 22", remove the "#", and change the port number to whatever you wish. Restart ssh and make sure any firewall rules on the machine and your port forwarding on the gateway match the new port.

Gotcha. Wouldn't it be easier to avoid this issue altogether by using a different port number?

[Electronics Wizardy]

32 minutes ago, Mega2 said:

Gotcha. Wouldn't it be easier to avoid this issue altogether by using a different port number?

It doesn't really get rid of the issue, I have hosted ssh on random ports before, and still get tons of bogus logins.

 

Id focus more on keep the system up to date, and using certs and 2fa for ssh login for the best security. Or use a vpn for remote access.

[Mega2]

Just now, Electronics Wizardy said:

It doesn't really get rid of the issue, I have hosted ssh on random ports before, and still get tons of bogus logins.

 

Id focus more on keep the system up to date, and using certs and 2fa for ssh login for the best security. Or use a vpn for remote access.

Thanks. What VPN companies would you recommend and how much would it cost for 1 user?

[Electronics Wizardy]

1 minute ago, Mega2 said:

Thanks. What VPN companies would you recommend and how much would it cost for 1 user?

Just setup your own vpn on the server or router with something like wireguard or openvpn. 

 

But ssh is likely fine for a single server.

[Mega2]

1 minute ago, Electronics Wizardy said:

Just setup your own vpn on the server or router with something like wireguard or openvpn. 

 

But ssh is likely fine for a single server.

Gotcha. So what I should do is use wireguard/openvpn to make a VPN that will put me on the same IP address as the LAN and connect to the server's terminal with an SSH like PuTTy?

[Electronics Wizardy]

Just now, Mega2 said:

Gotcha. So what I should do is use wireguard/openvpn to make a VPN that will put me on the same IP address as the LAN and connect to the server's terminal with an SSH like PuTTy?

Thats the most secure way to do it. But ssh on its own is likely more than enough security if setup right