I have a decent router and a small home network with a mix of Linux and Windows machines. I want to be able to access the Linux machines from the outside world via SSH at least (possibly VNC for GUI remote desktop later on). I also want to be able to RDP into the Windows machines.
I already set up SSH on the Linux boxes and SSH into them from other PCs within the home network. Same with Windows RDP; already set that up and can access that from other PCs within the home network.
I know that I will have to set up a dynamic DNS service, and then configure my router to link up to the dynamic DNS service. But my question is what is the best and most secure way to access each individual PC from outside? Should I just set up port forwarding for each machine/service tuple? i.e.
dynamic.IP.com:1234 -> home_linux_box_01:22
dynamic.IP.com:1235 -> home_linux_box_02:22
dynamic.IP.com:1236 -> home_windows_box_01:<RDP Port>
I know that the first thing to do is put SSH onto a non-default port to dissuade attackers. I really don't like the idea of having any of those ports open though, because even if I change to a non-default port, won't attackers eventually find the open ones through their port scanning? After they find the open ports, they can stick to that one and try their brute force attacks. How do I protect against that? I read that key files are better than passwords for Linux SSH. I don't understand what those are or how they work though. And is there an equivalent for Windows RDP?
I think one solution is to have a router that supports VPN. I think mine does, it is a SonicWall, but I think you have to pay extra for the VPN client. Can anyone confirm that?
I'd also rather not assume that any of the PCs is always on, because that would become a single point of failure. Maybe in the future I would get a dedicated remote access machine that I use as a point of entry to access my home LAN from the outside, but that is not something I want to do right now. Don't want to spend any money on this if at all possible.