Re: FC6 VPN

On Tue, 2006-12-19 at 23:30 +0000, Jim Douglas wrote:
> >From: Donald Tripp <dtripp@xxxxxxxxxx>
> >Reply-To: For users of Fedora <fedora-list@xxxxxxxxxx>
> >To: For users of Fedora <fedora-list@xxxxxxxxxx>
> >Subject: Re: FC6 VPN
> >Date: Tue, 19 Dec 2006 12:33:16 -1000
> >
> >What exactly do you need to connect to on the linux server? Anytime you
> >make a connection between two computers you are using a tcp/ip port. SSH
> >allows you to forward any local port to any remote port. If you need to
> >connect to, say a windows share (samba in linux world), you would forward
> >your local port to the linux server through the ssh tunnel. Sure, this
> >isn't a true vpn, where you would time // remote_server, but it's still
> >friendly to use and secure.
> >
> >On Dec 19, 2006, at 12:13 PM, Jim Douglas wrote:
> >
> >>>From: James Wilkinson <fedora@xxxxxxxxxxxxxxxxxx>
> >>>Reply-To: For users of Fedora <fedora-list@xxxxxxxxxx>
> >>>To: fedora-list@xxxxxxxxxx
> >>>Subject: Re: FC6 VPN
> >>>Date: Tue, 19 Dec:23:23 +0000
> >>>
> >>>Jim Douglas wrote:
> >>>
> >>> > VPN w/ SSH is overkill I think, all I need is to securely access a remote
> >>> > box...from Windows Client -> Linux Server.
> >>>
> >>>Very often that will involve PuTTY. PuTTY also makes tunnelling very
> >>>easy, and is a *very* good terminal emulator.
> >>>
> >>> > I think I found the answer,
> >>> > http://freenx.berlios.de/
> >>> >
> >>> > I have SSH up and running, anyone have any good links to securing my SSH
> >>> > configuration?
> >>>
> >>>1. Stick to SSH 2 (in /etc/ssh/sshd_config, use the Protocol keyword)
> >>>2. Set up private keys and disable password-based logins
> >>>3. Changing the port that SSH listens on will not deter a determined
> >>>    attacker, but may help you work out that you've got a determined
> >>>    attacker.
> >>>4. Make sure you run yum update regularly.
> >>>5. Use AllowUsers or AllowGroups to limit which users can log on
> >>>    remotely. Don't allow direct root logins -- get users to login as
> >>>    themselves and su - (this means attackers have to work out which
> >>>    usernames are valid).
> >>>6. If you must use passwords, make sure they're not dictionary words and
> >>>    include at least one (better, several) numbers or symbols.
> >>>7. Distribute the server public keys via trusted networks -- don't trust
> >>>    the client's ability to "learn" the server's key when it first
> >>>    connects, since you don't know that the remote computer really *is*
> >>>    your server.
> >>>
> >>>But really, there's not much securing needed with SSH. It's only really
> >>>vulnerable to a security bug at either end, a dictionary attack, a
> >>>man-in-the-middle attack during the first connection, or some new,
> >>>unknown mathematics.
> >>>
> >>>Hope this helps,
> >>>
> >>>James.
> >>>
> >>
> >>I saw PuTTY, it won't do everything I need....thanks for the feedback,
> >>
> >>One final question...
> >>
> >>I can connect to port 22 inside the firewall and I don't want to create
> >>any holes. Can you see any problems with adding this to iptables?
> >>
> >>iptables -I RH-Firewall-1-INPUT 3 -p tcp -m tcp --dport 22 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
> I need to run Linux GUI apps with KDE, GNOME.

I do that all the time simply via ssh2.  Just make sure you "ssh -Y
servername" to make sure your $DISPLAY gets forwarded.  GUI apps you
run on "servername" will put their displays on your local machine.

----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer     rstevens@xxxxxxxxxxxxxxx -
- VitalStream, Inc.                       http://www.vitalstream.com -
-                                                                    -
-           Lottery: A tax on people who are bad at math.            -
----------------------------------------------------------------------
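
Added example, not part of the thread: a small audit of sshd_config against items 1, 2 and 5 of James Wilkinson's list quoted above. The sample configurations and account names are constructed, and only the global section (before any Match block) is checked.

```python
import re

# Constructed sample inputs, not taken from the thread.
SAMPLE_WEAK = """\
Port 22
Protocol 2,1
PermitRootLogin yes
PasswordAuthentication yes
"""

# "alice" and "bob" are hypothetical account names.
SAMPLE_HARDENED = """\
Protocol 2
PermitRootLogin no
PasswordAuthentication no
AllowUsers alice bob
"""


def parse_sshd_config(text):
    """Return {keyword: value} for the global section; the first value wins, as in sshd."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()  # sshd keywords are case-insensitive
        if key == "match":
            break  # Match blocks are conditional overrides; audit global settings only
        settings.setdefault(key, parts[1].strip() if len(parts) > 1 else "")
    return settings


def audit(text):
    """Return a list of findings, numbered after the items in the quoted list."""
    cfg = parse_sshd_config(text)
    findings = []
    if cfg.get("protocol") != "2":
        findings.append("item 1: Protocol is not pinned to 2")
    if cfg.get("passwordauthentication", "").lower() != "no":
        findings.append("item 2: password logins are not disabled")
    if cfg.get("permitrootlogin", "").lower() != "no":
        findings.append("item 5: direct root login is not disabled")
    if "allowusers" not in cfg and "allowgroups" not in cfg:
        findings.append("item 5: no AllowUsers/AllowGroups restriction")
    return findings


if __name__ == "__main__":
    for name, text in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(name, audit(text) or "no findings")
```

A missing keyword is reported as a finding because the effective default depends on the OpenSSH version installed. Recent OpenSSH releases no longer support protocol 1, so the item 1 finding applies only to older servers such as the one discussed here.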

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list