# How to administer remote servers?



## max21 (Oct 18, 2015)

I’m now trying to get my feet wet in networking since dedicated servers have gotten cheaper than dedicated clouds.   VPS use to be the beer money, now it’s the other way around.   I have two of these cheap servers at the same data-center that I have not yet connect to.  In the end I want to automate them to run FreeBSD, Apache, NGINX, MySQL using PHP and C++.  I read an article a long time ago of how this guy ran a complete automated FreeBSD system for many years, updates and all.  That what brought me to using FreeBSD in the first place, but I turned into a multi-desktop and partitioning geek; duel-boot heaven, now I’m bored!

I know enough that security comes first for FreeBSD and I am willing to pay for it just to see it work if nothing else.  I want to connect to them through a VPN provider.   It will be many months before I put these servers into production.  One will be hosting a bunch of websites and the other _might_ be used for backing up server-2, _and_ acting as a firewall, acting as a monitor, acting as a near-standalone database, at the front-end but works as the back-end server for sever-2.  I’m hoping for suggestions, and correction of my wild ideas.  I hope they are not so cheap to have only one Ethernet port.  I’m thinking with two I can make it happen; but I don’t really know.

1)  Once I make a secure connection to the VPN, will the same secure connection hit server-1 once it leave the VPN.

2) I have one FreeBSD GNOME workstation that will never be use other than to connect to these remote servers through the VPN.  If nothing happen on my end or the VPN’s, is it relevantly safe to keep this first connect running for a month or two?

3)  What are the most recommended ports to use to get started from top to bottom?

It took me every bit of last night (_trials and many errors_) to get to know openssl, to the point where I actually understand and saw how everything  work.  Tonight I will install openvpn and stunnel.  Java something is needed for KVM for BIOS access.  What should I be looking for?  That’s all I read about so far, but everybody talk Linux.

I really appreciate any help you can provide.

max21


----------



## UnixRocks (Oct 18, 2015)

When I administer servers remotely for my day job I use ssh. The company for which I work has an access server that sits in front of all our other servers and provides remote login via ssh. Then to get to any other server I ssh again to that from our access server. The only folk I know of in our company that use the corporate VPN are the Microsoft Windows "admins" and Microsoft Windows users.


----------



## max21 (Oct 18, 2015)

I did a lot of research over the past few weeks; I think your company is on a trusted network and probably using UNIX as its in-house access server.  The majority of users outside the doors (and some on the inside) of your company may need to access the company server through a trusted VPN, which is supposed to provide more security when accessing in-house servers.  Even though windows invented SSTP for Windows, leaving IKEv2 as the next runner up, it is still not so trusted to keep login in and out of any company server(s), directly.

This goes for us to.  If we must connect to our own remote server for a long period of time, we should do it through a trusted VPN, or to create our own, at DO for instances.  I’m thinking about that too, using FreeBSD openvpn and IKEv2 as rickashay rabbit.

A few years ago, most members would say *after you SSH into your server, log out as quickly as possible once you are done*.  Meaning, make sure you know what you got to do, do it now, and don’t go back to often.

With SSH even your IP provider know where you going, and you know the google gang is right behind them, then here comes facebook.   With VPN the only possible hacker is the NSA.  Who care about them, they can waste their time and _your_ money if they like.

It seems that you answered question 1 and 2 UnixRocks.  As I said, I read a lot but no one ever said it works the way I’m thinking.  All I can do is take for granted that it will.  You said it works, kind of indirectly.  If Windows user of the corporate world must use it, it should add to security as well for FreeBSD users.  So, if we going to stay connect for long periods of long time it should be done using a VPN.  This seems to be the way to go so far.

Thanks UnixRocks

Your confidence is all I need.


----------



## UnixRocks (Oct 18, 2015)

Heh, in my case the company for which I work _is_ the ISP. When I login to corporate assets my ISP obviously will know regardless of use of a VPN.  I am a Level III Unix/Linux Systems Administrator and work in the Services division which installs, manages and maintains most of the customer facing internet services we provide. Our policy is to login with ssh using our access server that we maintain. If we need remote desktop access we may use either VNC through an ssh tunnel, or the corporate VPN. I prefer the former.

FYI, we could not care less where our customers connect to and do not monitor that in my division. If it is monitored at all it would have to involve my division in some way as we also are the back-end for the cable modem access platform. All we monitor as far as customers go is raw bandwidth usage since we do have capped services.


----------

