on ssh

this combo allows root access from only 1 ip, and only with a key:

in authorized_keys
from="123.234.345.567" ssh-rsa AAAAmypubkeyverylong== [email protected]

in sshd_config
PermitRootLogin without-password
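
an added example, not part of the original note: a small python check that flags key lines in an authorized_keys file that lack a from= restriction, or whose from= value was pasted with typographic quotes (sshd only accepts ASCII double quotes around option values). the function names, addresses and key material are constructed placeholders.

```python
import re

# Key-type prefixes that mark the start of the key itself (no options before it).
KEY_TYPE = re.compile(r"^(ssh-|ecdsa-sha2-|sk-)")
CURLY = "\u201c\u201d\u2018\u2019"  # typographic quotes, often introduced by copy/paste

def split_unquoted(s, sep):
    """Split s on sep, ignoring separators inside ASCII double quotes."""
    parts, cur, quoted = [], "", False
    for ch in s:
        if ch == '"':
            quoted = not quoted
        if ch == sep and not quoted:
            parts.append(cur)
            cur = ""
        else:
            cur += ch
    parts.append(cur)
    return parts

def audit_authorized_keys(text):
    """Return (line_no, verdict, from_patterns) for every key line."""
    results = []
    for no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        first = split_unquoted(line, " ")[0]  # options field, or the key type
        if any(c in first for c in CURLY):
            results.append((no, "typographic-quotes", []))
        elif KEY_TYPE.match(first):
            results.append((no, "no-from-restriction", []))
        else:
            opts = {}
            for opt in split_unquoted(first, ","):
                name, _, value = opt.partition("=")
                opts[name.lower()] = value.strip('"')
            src = opts.get("from", "")
            verdict = "restricted" if src else "no-from-restriction"
            results.append((no, verdict, src.split(",") if src else []))
    return results

# Constructed sample input: documentation addresses and placeholder keys.
SAMPLE = '''\
from="192.0.2.10" ssh-rsa AAAAB3placeholder== admin@example
ssh-ed25519 AAAAC3placeholder== backup@example
from=\u201d192.0.2.10\u201d ssh-rsa AAAAB3placeholder== pasted@example
no-pty,from="192.0.2.10,198.51.100.*" ssh-rsa AAAAB3placeholder== batch@example
'''
```
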

the sshd_config lines further down (after the sample session) allow sftp only, with no shell access for root. we can jolly well combine this with
PermitRootLogin without-password
for scripted file transfers and the like.

[email protected]:~$ ssh [email protected]
Enter passphrase for key '/home/lz/.ssh/id_rsa':
[email protected]'s password:
This service allows sftp connections only.
Connection to 234.345.456.567 closed.

in sshd_config

Match User root
ForceCommand internal-sftp

remote access with ssh

teamviewer or ngrok are yet another vulnerability layer and crappy software from fly-by-night developers that run on our computers, so let's not use them.

let's stick to openssh-server, a yum or apt-get install away.

from http://blog.trackets.com/2014/05/17/ssh-tunnel-local-and-remote-port-forwarding-explained-with-examples.html

assuming our home pc’s public, external, web-facing ip address is 1.2.3.4, we have a user lz on the home pc and a user liangzhu on the bii pc:

on the bii pc, do
ssh -R 9000:localhost:22 [email protected]
then leave it connected and then go home

at home, on your home pc, do
ssh -p 9000 [email protected]

in your bii pc’s /etc/ssh/sshd_config you might need to add this line

GatewayPorts yes

and do a
service sshd reload
for this to work