Tom Needs A Hat Mitchell said:
> On Wed, May 19, 2004 at 12:59:05PM +0800, Edward wrote:
> .....
>> So, I was thinking about setting up dyndns or no-ip addresses for
>> these servers, then opening up the firewall for either ssh or VPN.
>> None of my customers have a static internet address.
>
> DynDNS costs money, small as it is, and you still have to script the
> discovery of the DHCP assigned address. Since you have to do that
> anyhow there is no reason you cannot simply update a resource you own
> via ftp, scp, email, whatever. Heck a simple wget from a periodic cron
> job of a small special file name on your web site will log the IP address
> that you need to ssh into the box. The file does not need to exist.
>
> Also knowing the IP address that each box is on you can now do a
> polite port scan as part of the service. Check also for open mail
> relays.
>
> SSH is about as secure as you can get.
> SSH in as a normal user then use a second passwd to su/sudo
> what you need to do.

i currently run a ez-ipupdate wrapper script (no access to it now, email
me privately if you want it) that hits http://www.linuxadvocate.net/myip
to determine the ip, it's just a simple 1 line php script echoing a
global var.

it's useful to determine your router/firewall's ip address to the outside
world (since it won't report your eth0 if you're on a NAT). you may want
to look into that.

also, i'd like to have other servers out there to do the myip thing for
users so i don't get slammed with requests. let me know, i want to build
up a directory and then i'll release the wrapper into the wild.
-d

+( duncan brown : duncanbrown@xxxxxxxxxxxxxxxxx )+
+( linux "just works" : www.linuxadvocate.net )+
--------------------------------------------------
Understatement of the century:
"Hello everybody out there using minix - I'm doing a (free) operating
system (just a hobby, won't be big and professional like gnu) for
386(486) AT clones"
 - Linus Torvalds, August 1991
--------------------------------------------------
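
The wget-to-a-missing-file idea from the quoted message, seen from the web server's side, as an added example that is not part of the original thread. It reads the access log and reports the newest address each box called in from. The /beacon/<box>-<token> URL shape, the tokens file, the function names and the sample log lines are all assumptions made for illustration; the per-box token is there because anyone can request a URL on a public web site.

```shell
#!/bin/sh
# Box side, from cron (hypothetical URL): wget -q -O /dev/null http://www.example.com/beacon/boxa-7f3c9e
# latest_beacon_ips TOKENS_FILE LOG_FILE
#   TOKENS_FILE: "<box> <token>" per line; LOG_FILE: Common Log Format.
#   Prints "<box> <ip> <timestamp>" for the newest valid beacon per box.
latest_beacon_ips() {
    awk '
    NR == FNR { token[$1] = $2; next }           # first file: box -> secret token
    {
        ip = $1; ts = substr($4, 2); path = $7
        if (path !~ /^\/beacon\/[a-z0-9]+-[a-f0-9]+$/) next
        # Only accept dotted-quad client addresses.
        if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
        name = substr(path, 9)                   # strip the "/beacon/" prefix
        split(name, part, "-")
        box = part[1]; tok = part[2]
        # Anyone can request the URL, so an unknown box or wrong token is ignored.
        if (!(box in token) || token[box] != tok) next
        last_ip[box] = ip; last_ts[box] = ts     # log is chronological: last wins
    }
    END { for (b in last_ip) print b, last_ip[b], last_ts[b] }
    ' "$1" "$2" | sort
}

# Constructed sample data: documentation address ranges and made-up tokens.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' 'boxa 7f3c9e' 'boxb 51d0aa' > "$dir/tokens"
    cat > "$dir/access.log" <<'EOF'
198.51.100.20 - - [19/May/2004:06:00:01 +0800] "GET /beacon/boxa-7f3c9e HTTP/1.0" 404 209
203.0.113.7 - - [19/May/2004:12:00:01 +0800] "GET /beacon/boxa-7f3c9e HTTP/1.0" 404 209
192.0.2.99 - - [19/May/2004:12:30:00 +0800] "GET /beacon/boxa-000000 HTTP/1.0" 404 209
198.51.100.44 - - [19/May/2004:12:00:03 +0800] "GET /beacon/boxb-51d0aa HTTP/1.0" 404 209
192.0.2.99 - - [19/May/2004:12:31:00 +0800] "GET /index.html HTTP/1.0" 200 1043
EOF
    latest_beacon_ips "$dir/tokens" "$dir/access.log"
    rm -rf "$dir"
}

demo
```

The 404 status on the beacon lines is expected, since the requested file does not need to exist; the request with the wrong token is dropped rather than overwriting boxa's address.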