August 20 2016

Splashtop Free with 1and1 Cloud Server

So you can’t use TeamViewer Free with your Windows Cloudserver, as it requires a paid license to do so, which is a shame since we’re more than capable of doing so with our Linux Cloudservers. If you’re in the market for a solution other than Remote Desktop, perhaps you should give Splashtop a try. At least at the time of this writing, Splashtop is a free service that lets you connect remotely to any computer that’s in your Network. Please note the emphasis there. Obviously this would throw a wrench into the plan of using Splashtop, since your Cloudserver with 1and1 is in a remote network, but fortunately 1and1 provides a free workaround.

If you are able to do so, set up and configure one of the VPNs offered in your Cloud Panel at 1and1 by following the guides posted in the Cloud Panel help documents here. Once you’re set up and connected, you are local on your CloudPanel’s network, making all of your servers appear local to you! Now once you open up Splashtop, you’ll be able to connect to your Windows Cloudserver without an issue for free!

Another benefit of using this VPN: all of your traffic to and from your server is encrypted inside the VPN tunnel, regardless of whether or not the traffic was encrypted to begin with. So if you use RDP, Splashtop, or just pull up your sites or other services hosted in your Cloud Panel, you’ll know that it’s tunneled and secured.

December 14 2015

SSH Keys and VPN for Extended Security on 1&1 CloudServers

The plot

You have your Database server hosted inside the 1&1 Cloud and your Boss wants you to lock it down from everything except MySQL, and we mean really lock it down so we already know the Cloud Panel’s Firewall is coming into play and SSH is basically out the window. So you set up the Firewall, add only port 3306 and call it a day. Then the phone rings and your boss is sitting on the other line saying “Wow….I don’t want to use the KVM, I like Putty”. Obviously this is a fictional Boss, our boss can’t turn on the monitor without help, but in this fictional world, your boss wants to SSH.

So you say, “Okay, what’s your IP? I’ll add an exception to the Firewall for your IP to be allowed.”

Your Boss, being the busy guy he is, tells you that not only does he not know it, he wants to be able to connect from any location as long as he has a computer he controls. He’s also tired of typing in the long password; he’d rather get rid of it for the sake of security and convenience, and instead wants to use one of those “key things” he read about somewhere.

The Technical Breakdown

So we have 1 Linux server (CentOS6) running our MySQL Database. We’re going to configure the username “Boss” to SSH into the server via SSH Keys, but we’re going to keep the Firewall in place to block port 22. To circumvent the firewall, we’re going to create a VPN connection in our server’s Data Center (USA).

Supplies Needed

  • DB Server
  • Firewall Policy
  • VPN Created
  • OpenVPN client

Firewall Creation

This is probably the simplest part: just go into your CloudPanel and choose “Network” => “Firewall Policies” => Click “Create” and add only 1 rule for port 3306. Then go to “Infrastructure” => “Servers” => Choose your DB Server => Scroll down the “Features” until you reach “Firewall” => Click the Firewall and change it to our new Firewall Policy.

VPN Creation

Creating a VPN is just as easy as the Firewall: “Network” => “VPN” => “Create”. After it’s processed, you can download the Configuration file as seen in the referenced image below. With it, you’ll follow 1&1’s Guide here https://whstatic.1and1.com/help/CloudServer/EN-US/d851538.html for downloading and configuring OpenVPN.

[Screenshot: 1&1 Control Panel]

 

CONNECT TO THE VPN BEFORE CONTINUING!!!

SSH Key Generation and Assignment

There are plenty of guides and ways to create your SSH Keys. Rather than reinvent the wheel, here’s a guide from HostGator which is pretty generic (outside of their “Reseller port 2222”).

https://support.hostgator.com/articles/specialized-help/technical/ssh-keying-through-putty-on-windows-or-linux

The main take-away is to use PuttyGen if you’re on a Windows local machine, generate your SSH Key, and upload it to your server. For our tutorial, we’re adding it to the user “Boss”, so do the following in lieu of HostGator’s step 5:

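# mkdir /home/Boss/.ssh
# chmod 700 /home/Boss/.ssh
# vi /home/Boss/.ssh/authorized_keys2

IN THE VI EDITOR
Press the key i for INSERT mode
Shift + Insert to paste your SSH Key
Press ESC, then type :wq and press Enter

These commands run as root, so afterwards give the directory and key file to Boss (sshd reads the file as that user) and restrict the file's permissions:

# chown -R Boss: /home/Boss/.ssh
# chmod 600 /home/Boss/.ssh/authorized_keys2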
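
The key-assignment step above, as a scripted added example (not part of the original post): it rejects a PuTTYgen "SSH2" multi-line public key, which sshd cannot read from an authorized keys file, and sets the directory and file modes explicitly. The function names are hypothetical; the file name authorized_keys2 is the one used on this page.

```shell
#!/bin/sh
# Added example: install a public key for a user and check the resulting modes.

# Succeed only if $1 is a single-line OpenSSH public key: "type base64 [comment]".
is_openssh_pubkey() {
    case "$1" in
        *"BEGIN SSH2 PUBLIC KEY"*) return 1 ;;   # PuTTYgen "Save public key" format
    esac
    [ "$(printf '%s\n' "$1" | wc -l)" -eq 1 ] || return 1
    printf '%s\n' "$1" | grep -Eq \
        '^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$'
}

# install_pubkey HOME_DIR KEY_LINE [OWNER]
install_pubkey() {
    home=$1; key=$2; owner=${3:-}
    is_openssh_pubkey "$key" || { echo "not a one-line OpenSSH public key" >&2; return 2; }
    ssh_dir="$home/.ssh"
    auth="$ssh_dir/authorized_keys2"             # file name used on this page
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # Append only if this exact key line is not already present.
    grep -qxF -e "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
    # When run as root, hand ownership to the account that will log in.
    if [ -n "$owner" ] && [ "$(id -u)" -eq 0 ]; then chown -R "$owner": "$ssh_dir"; fi
}

# perms_ok HOME_DIR: succeed only if .ssh is 700 and the key file is 600 (GNU stat).
perms_ok() {
    [ "$(stat -c %a "$1/.ssh")" = 700 ] &&
        [ "$(stat -c %a "$1/.ssh/authorized_keys2")" = 600 ]
}
```

On the server from this tutorial it would be called as root with the home directory /home/Boss, the key line copied from PuttyGen's "Public key for pasting into OpenSSH authorized_keys file" box, and the owner Boss.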

Why it works

As discussed here: https://timgarrity.me/1and1-ngcs-free-vpn/ , the VPN puts you in the relative area of your Servers, directly past the Firewall. You’re not connected to any one server; instead, each server in that datacenter that’s assigned to you has been added to your IP Routing Table in such a way that traffic to it gets tunneled through the Data Center and towards your server. Since we’re using this VPN, we don’t need port 22 open at all on the Hardware Firewall in the CloudPanel. Because of this, the only ways we can SSH into this server with the Firewall the way it is are to activate the VPN every time we want a connection, or to configure an additional component by adding a Private Network. The Private Network would then open up the benefit of nested SSH connections (SSH into Webserver, then SSH from Webserver to DB Server).

November 30 2015

MobaXterm instead of Putty

draft review of MobaXterm

For us Admins connecting to our Linux servers, there’s no application with as much recognition as Putty. It’s lightweight, portable, and gets the job done, allowing you to SSH, Telnet, or even make a Serial Connection to your end-resources. All around it’s a must-have! Working with multiple servers, though, I found that I outgrew Putty very quickly, as I needed a solution for multiple connections and didn’t want to sift through a lot of windows to find what I’m looking for. My journey was to just find a simple tabbed alternative to Putty, and there are a few worthy mentions:

Super-Putty (OSS): https://github.com/jimradford/superputty

mRemoteNG (OSS): http://www.mremoteng.org/ A nice, close 2nd-place mention to MobaXterm. If you don’t like the restrictions of the Home version and don’t want to buy a license for Moba, then mRemoteNG should be your next best bet, as it’s free.

MobaXterm 

I chose MobaXterm for many reasons. At first I started with mRemoteNG for multi-tabbed sessions, but moved to Moba during a trial run and loved it. I’ve yet to run into the restrictions of the Home license, and its plugin system and CygWin integration have saved my butt a few times. My favorite setup: MobaXterm as my go-to SSH client, with a CygWin tab open that has DNS-Tools, Python, and Git installed. Right out of the gate, Moba comes with a lot of different features for network testing, like Port-Scanning and Packet Capturing, as well as multiple types of Servers.