Re: FC6 VPN

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



From: James Wilkinson <fedora@xxxxxxxxxxxxxxxxxx>
Reply-To: For users of Fedora <fedora-list@xxxxxxxxxx>
To: fedora-list@xxxxxxxxxx
Subject: Re: FC6 VPN
Date: Tue, 19 Dec:55:04 +0000

Jim Douglas wrote:
> Can I use OpenSSH with the above software?  I just finished setup and
> configuration of OpenSSH when I saw this post on VPN.
>
>   I only need to access one remote Linux box at a time.

Mike McGrath wrote:
> Sure it could though OpenSSH is considered "secure" by most.  You
> could add OpenVPN as an extra level of security, though I've never
> done that.

jack wallen asked:
> i have to ask - how does one use ssh as a vpn?

Well, normally, you don't -- the debate was about using SSH over a VPN.
As Mike says, it works, it provides an extra layer of "defence in depth"
security (it doesn't matter if there happens to be a security breach in
the VPN if an attacker can't decode the SSH, and there's nothing
vulnerable at either end of the VPN), and it makes it slightly less
obvious that you're using SSH.

But it is possible to use SSH either as a "poor man's" VPN, or as a
"sort-of" VPN. I've never done a full VPN over SSH, but I'd start by
reading http://tldp.org/HOWTO/ppp-ssh/index.html. The advantage of a SSH
VPN is that SSH tends to be a lot less picky about the sort of network
connections it gets than many VPNs, and SSH itself is easier to set up.
Disadvantages include that SSH is supposed to be a poor transport for IP
packets, and that if the SSH connection drops, so do all communications.

You might get on better with port-forwarding. This can be as simple as
ssh -L 5900:192.168.1.55:5901 vncuser@xxxxxxxxxxxxxxxxxxxxxx
This connects you to a computer called jimdouglas.example.com, logs you
in as vncuser (through a password or private key), and creates a tunnel
between port 5900 on your machine and port 5901 on 192.168.1.55 on the
same local network as jimdouglas.example.com (it might or might not be
the same computer as jimdouglas.example.com). That then allows you to
connect a VNC viewer to port 5900 on your own machine, and log into
192.168.1.55.

It works very well for simple one-port protocols like VNC. It can be
more of a challenge to get it to work with SMB or NFS (usually I don't
bother and just sftp what I need).

The advantage of this is that it's easy to set up SSH and be sure it's
going to work, and then it's practical to set up tunnels as needed
remotely.

Hope this helps,

James.

--
E-mail: james@ | top! to bottom from or backwards read not do I, post top
aprilcottage.co.uk | not do Please
                   |     -- Jeff Vian

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list

VPN w/ SSH is overkill I think, all I need is to securely access a remote box...from Windows Client -> Linux Server.

I think I found the answer,

http://freenx.berlios.de/

I have SSH up and running, anyone have any good links to securing my SSH configuration?

Jim

_________________________________________________________________
Experience the magic of the holidays. Talk to Santa on Messenger. http://clk.atdmt.com/MSN/go/msnnkwme0080000001msn/direct/01/?href=http://imagine-windowslive.com/minisites/santabot/default.aspx?locale=en-us

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux