Thursday, September 20, 2007

SSH SERVER FOR VNC AND BYPASSING FIREWALLS WITH PUPPY 215CE

Now that I have installed Puppy in VirtualBox and downloaded and installed some packages, it is time to put Puppy to work. This post describes setting up the SSH server downloaded in the previous blog. Its actual use is the same as described in this blog, with Puppy replacing DDWRT as the host of the server.

NETWORKING STRATEGIES

Ha Ha that sounds so academic. To be honest I am a complete newb at networking and a large part of the impetus for writing this blog is documenting the results of what works for me after hours of tinkering.

If you have a computer that directly connects to the internet, i.e. the connection cable goes from the modem to your computer, then I suggest you get a router. If not, then stay with the NAT networking option and familiarize yourself with the NAT networking and port forwarding sections of the VBox user manual. Truthfully, VMware Workstation is much easier in this respect, but then getting used to using the command line to get things done is not a bad thing either. Working from the command line is a great thing when doing any kind of remote connections, and I am using it more and more.

If you have a router like I do, then you need to enable Host Interface Networking so that Puppy will get its own network address, to which you can port forward in order to connect to the SSH server. Log out and power off Puppy, then go to the network settings tab and click on the add host interface button:



Click OK and VBox will add a virtual network card with whatever name you gave it. Go to Start->Control Panel->Network Connections and you should see it there. You will probably get an icon in your taskbar indicating an unconnected network device. This actually stayed whether Puppy was running or not, and the way I got rid of it was to right click the connection, enter the Properties menu, Configure, then the Advanced tab, highlight Media Status and choose Always Connected.

Now the part that was a little scary for me but it worked out fine and was easily reversible if needed: bridging the connection between your new Host Interface and your physical LAN connection. For me, the host interface alone did not produce a working connection. Puppy detected the network as alive but was never able to get a network IP address. In order for puppy to communicate with the router the connection had to be bridged. I also tried the 1394 adapter, but only the bridge with the physical Local Area Connection worked, and indeed in the User Manual it states you must bridge the connection with the physical adapter.

So, I would suggest making two or three Host Interface Connections for bridging, since only 1 adapter can be used per machine. Next, press the Ctrl button while highlighting the Local Area Connection and the Host Interface Connections. Then go to the Advanced tab and choose bridge connections:



XP will create a bridge and the result should look something like this:



NOTE: THE HOST COMPUTER WILL NOW HAVE A NEW NETWORK IP ADDRESS! Previously it was probably 192.168.1.100, however now that it is bridged your router will assign it a new address, so change all your port forwarding settings as needed. To see what your network address is in XP, open the command window and type ipconfig. All your network addresses will show; the Network Bridge is your host IP that you would forward to. In Puppy, or any Linux, open a console and type ip addr to find your network IP. Make a note of this because you will need it later.

INSTALL SSH SERVER IN PUPPY 215CE

Now start puppy up (remember to remount the OS iso if needed) and choose connections on the desktop. Choose connect to the internet->eth0->AutoDHCP and you should be good to go! Check for your new network IP address and write it down.

Now, mount the iso with all your programs on it and choose the sshd-sftp.pup. Follow all the prompts and choose the defaults. Next open a console (Right hand side of the desktop). Type:
passwd
and enter a password for the username, which is root by default. I always have to do this twice! The first time I get a segmentation fault and then the second time it goes through. This is the password you will need to sign into the ssh server.

Now, go to Menu->File System->Rox and from there press the up button til you get to the top level directory. Now click (only once) usr->etc and you are in the /usr/etc directory (I will use this convention from now on). Right click->Window->choose Terminal here and type
./sshd.sh
'./' (period slash) is Unix for 'run this executable from the current directory', like double clicking an .exe. The sshd.sh program will create several new files in this folder. You will get a window telling you that you have to create a password, which you have done. When it is finished, close the console and open a new one. Type
/usr/sbin/sshd
and your ssh server will be activated!!

To test it, type
ssh localhost -l root
and you should get a password prompt. Enter your password and at the resulting '#' prompt type
logout
or
exit
Now, open your router's configuration page and port forward a random port to port 22 of the Puppy machine. If you cannot do this, then let me know and I will tell you how to edit sshd_config so that your server will listen on a different port. DO NOT OPEN UP PORT 22 ON YOUR ROUTER OR HOST! This is a common port that so-called 'script kiddies' scan in order to find vulnerable computers. To test it, open the console and type
ssh your_ip -p your_port -l root
where 'your_ip' is your OUTSIDE address, as seen with whatsmyip.org, and 'your_port' is the port # you chose earlier. You should get a message asking whether you are sure you have contacted the right address. Choose yes, then you should be prompted for a password and then get a '#' prompt. Again, type logout and feel good about setting up your shiny new ssh server!!
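
Once the port forward works, this server accepts root password logins from the internet, so it is worth checking what sshd_config actually enables. The script below is an added example, not part of the original post; the sample configs are constructed, and it assumes OpenSSH keyword names and the older OpenSSH defaults for anything left unset.

```sh
#!/bin/sh
# Added example (not from the original post): audit an OpenSSH sshd_config for
# the settings that matter once the server is reachable from the internet.
# Assumptions: OpenSSH keyword names; unset keywords fall back to the older
# OpenSSH defaults (Port 22, PasswordAuthentication yes, PermitRootLogin yes).

# effective_value FILE KEYWORD DEFAULT
# sshd keeps the first value it reads for a keyword, and keywords are
# case-insensitive. Parsing stops at the first Match block (global section only).
effective_value() {
    awk -v key="$2" -v dflt="$3" '
        /^[ \t]*#/                  { next }   # skip commented-out lines
        tolower($1) == "match"      { exit }   # end of the global section
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print dflt }
    ' "$1"
}

# audit_sshd_config FILE: prints one line per setting, returns 1 on any WARN.
audit_sshd_config() {
    rc=0
    pw=$(effective_value "$1" PasswordAuthentication yes)
    root=$(effective_value "$1" PermitRootLogin yes)
    port=$(effective_value "$1" Port 22)
    if [ "$pw" = "no" ]; then echo "OK   PasswordAuthentication=no"
    else echo "WARN PasswordAuthentication=$pw (passwords can be guessed remotely)"; rc=1; fi
    if [ "$root" = "yes" ]; then echo "WARN PermitRootLogin=yes (root may log in directly)"; rc=1
    else echo "OK   PermitRootLogin=$root"; fi
    echo "INFO Port=$port (changing it cuts log noise; a port scan still finds sshd)"
    return "$rc"
}

# Constructed sample configs, written to a temporary directory.
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
weak="$tmp/weak_sshd_config"; hardened="$tmp/hardened_sshd_config"
printf '%s\n' '# constructed sample: defaults left in place' \
    '#PasswordAuthentication no' 'PermitRootLogin yes' > "$weak"
printf '%s\n' '# constructed sample: password login disabled' 'Port 2222' \
    'passwordauthentication no' 'PermitRootLogin no' \
    '# the duplicate below is ignored: sshd keeps the first value' \
    'PasswordAuthentication yes' > "$hardened"

echo "== weak ==";     audit_sshd_config "$weak" || true
echo "== hardened =="; audit_sshd_config "$hardened" || true
```

To check a real server, call audit_sshd_config with the path to its sshd_config.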

Now you can use your new server to communicate with puppy from outside, or better yet as a proxy server which allows you to bypass firewalls and local servers. Just follow the directions from this previous blog and you should be rockin'!! Next I will describe how to VNC over SSH so that you can securely control Puppy from a remote computer. Now the fun really begins!!

1 comment:

David Nelson said...

Nice article. Thanks for posting it. I disagree about port 22 though - a good port scanner will be able to identify any open ports and can easily tell if you are running SSH on those ports. The safest way to protect yourself is to harden your security. I've run SSH for years on Port 22 on various other Linux Distros. What you need to do is disable password authentication and allow login by public key only. IMHO anyone allowing password login via SSH on any port is asking for trouble (or just plain nuts). Thanks again for the good primers on Puppy.