Re: FC6 VPN

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Easily done, but not with windows... I don't know of any windows ssh client that supports X forwarding, which is want you want to be looking at. If you have either a linux machine, or an OS X machine, than you could do this with relatively no problem. I will look into this, as I have been in need of an x client for windows.


- Donald Tripp
----------------------------------------------
HPC Systems Administrator
High Performance Computing Center
University of Hawai'i at Hilo
200 W. Kawili Street
Hilo,   Hawaii   96720


On Dec 19, 2006, at 1:30 PM, Jim Douglas wrote:

From: Donald Tripp <dtripp@xxxxxxxxxx>
Reply-To: For users of Fedora <fedora-list@xxxxxxxxxx>
To: For users of Fedora <fedora-list@xxxxxxxxxx>
Subject: Re: FC6 VPN
Date: Tue, 19 Dec 2006 12:33:16 -1000

What exactly do you need to connect to on the linux server? Anytime  you make a connection between two computers you are using a tcp/ip  port. SSH allows you to forward any local port to any remote port. If  you need to connect to, say a windows share (samba in linux world),  you would forward your local port to the linux server through the ssh  tunnel. Sure, this isn't a true vpn, where you would time // remote_server, but its still friendly to use and secure.


- Donald Tripp
----------------------------------------------
HPC Systems Administrator
High Performance Computing Center
University of Hawai'i at Hilo
200 W. Kawili Street
Hilo,   Hawaii   96720


On Dec 19, 2006, at 12:13 PM, Jim Douglas wrote:

From: James Wilkinson <fedora@xxxxxxxxxxxxxxxxxx>
Reply-To: For users of Fedora <fedora-list@xxxxxxxxxx>
Subject: Re: FC6 VPN
Date: Tue, 19 Dec:23:23 +0000

Jim Douglas wrote:

> VPN w/ SSH is overkill I think, all I need is to securely access  a remote
> box...from Windows Client -> Linux Server.

Very often that will involve PuTTY. PuTTY also makes tunnelling very
easy, and is a *very* good terminal emulator.

> I think I found the answer,
>
> I have SSH up and running, anyone have any good links to  securing my SSH
> configuration?

1. Stick to SSH 2 (in /etc/ssh/sshd_config, use the Protocol keyword)
2. Set up private keys and disable password-based logins
3. Changing the port that SSH listens on will not deter a determined
   attacker, but may help you work out that you've got a determined
   attacker.
4. Make sure you run yum update regularly.
5. Use AllowUsers or AllowGroups to limit which users can log on
   remotely. Don't allow direct root logins -- get users to login as
   themselves and su - (this means attackers have to work out which
   usernames are valid).
6. If you must use passwords, make sure they're not dictionary  words and
   include at least one (better, several) numbers or symbols.
7. Distribute the server public keys via trusted networks -- don't  trust
   the client's ability to "learn" the server's key when it first
   connects, since you don't know that the remote computer really  *is*
   your server.

But really, there's not much securing needed with SSH. It's only  really
vulnerable to a security bug at either end, a dictionary attack, a
man-in-the-middle attack during the first connection, or some new,
unknown mathematics.

Hope this helps,

James.

--
E-mail:     james@ | For every complex problem, there is a  solution that is
aprilcottage.co.uk | simple, neat, and wrong.

--
fedora-list mailing list


I saw PuTTY, it won't do everything I need....thanks for the feedback,

One final question...

I can connect to port 22 inside the firewall and I don't want to  create any holes.  Can you see any problems with adding this to  iptables?

iptables -I RH-Firewall-1-INPUT 3 -p tcp -m tcp --dport 22 --tcp- flags SYN,RST,ACK SYN -j ACCEPT

_________________________________________________________________
Fixing up the home? Live Search can help http://imagine- windowslive.com/search/kits/default.aspx?kit=improve&locale=en- US&source=hmemailtaglinenov06&FORM=WLMTAG

--
fedora-list mailing list



--
fedora-list mailing list


I need to run Linux GUI apps with KDE, GNOME.

Jim

_________________________________________________________________
Your Hotmail address already works to sign into Windows Live Messenger! Get it now http://clk.atdmt.com/MSN/go/msnnkwme0020000001msn/direct/01/?href="">



[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux