1

I want to access my home computer from my laptop over the internet. Both run Lubuntu.

I'm sure this is a talked-to-death topic, but most guides I find seem to be incomplete and somewhat careless from the security perspective. Setting up a vulnerable public-facing remote access service on my main machine would be a massive disaster for me. The drive contains lots of confidential and otherwise sensitive information.

Can you provide a complete guide (or link to it) with all the key security considerations included?

(ie are the default openssh settings good enough? What about xrdp? What needs to be done?)

J. Paparas
  • 39
  • If your router supports VPN, use it with strong passwords and you'll be fine. I think this question is too broad and there are a lot of similar questions around here. Did you do any research before asking volunteers to provide you with a complete guide? – pLumo Apr 08 '19 at 08:12
  • @RoVo This is an example of the bad advice I'm trying to navigate around. Routers are often the most vulnerable entry point with old/abandoned firmware and multiple exploits available. I'm not asking volunteers to write me a book, I'm asking for the title of a good one. And this is because most of my searches end up with quick blogposts or stackexchange answers of a guy that short of knows enough to get openssh running, but he doesn't understand what he's really doing. So yes, I did my research, and I'd like for someone knowledgeable to help me find a concise guide to do remote access safely. – J. Paparas Apr 08 '19 at 09:30
  • If your router is the vulnerable entry point and does not receive updates anymore, you should consider getting a different brand which provides updates. – pLumo Apr 08 '19 at 09:33
  • Maybe something like Teamviewer would suit your needs: https://community.teamviewer.com/t5/Knowledge-Base/How-to-install-TeamViewer-on-Ubuntu/ta-p/45 – WinEunuuchs2Unix Apr 08 '19 at 11:20
  • Probably you will find this topic useful: https://askubuntu.com/q/1005337/566421 There: 1) One VPS is engaged to be mediator between the home server and the client computer; 2) The home server is setup to establish a connection with port forwarding to the VPS; 3) From the client computer you need to: 3.1) establish ssh connection with port forwarding to the VPS; 3.2) establish ssh connection (through the already created ssh tunnel) to the home server and here you can forward some additional ports (VNC or/and RDP); 4) at this point you can connect to these forwarded ports (VNC or/and RDP)... – pa4080 Apr 09 '19 at 12:18
  • You can use different ssh keys for each ssh connection and can protect the key of the home server with pass phrase... – pa4080 Apr 09 '19 at 12:22
  • @pa4080 Thank you for your useful answer. – J. Paparas Apr 10 '19 at 13:49
  • Also consider using fail2ban – Taavi Apr 15 '19 at 19:22

0 Answers0