FC6 VPN

Jim Douglas jdz99 at hotmail.com
Tue Dec 19 23:30:53 UTC 2006


>From: Donald Tripp <dtripp at hawaii.edu>
>Reply-To: For users of Fedora <fedora-list at redhat.com>
>To: For users of Fedora <fedora-list at redhat.com>
>Subject: Re: FC6 VPN
>Date: Tue, 19 Dec 2006 12:33:16 -1000
>
>What exactly do you need to connect to on the linux server? Anytime you
>make a connection between two computers you are using a tcp/ip port. SSH
>allows you to forward any local port to any remote port. If you need to
>connect to, say a windows share (samba in linux world), you would forward
>your local port to the linux server through the ssh tunnel. Sure, this
>isn't a true vpn, where you would time // remote_server, but it's still
>friendly to use and secure.
>
>
>- Donald Tripp
>  dtripp at hawaii.edu
>----------------------------------------------
>HPC Systems Administrator
>High Performance Computing Center
>University of Hawai'i at Hilo
>200 W. Kawili Street
>Hilo,   Hawaii   96720
>http://www.hpc.uhh.hawaii.edu
>
>
>On Dec 19, 2006, at 12:13 PM, Jim Douglas wrote:
>
>>>From: James Wilkinson <fedora at aprilcottage.co.uk>
>>>Reply-To: For users of Fedora <fedora-list at redhat.com>
>>>To: fedora-list at redhat.com
>>>Subject: Re: FC6 VPN
>>>Date: Tue, 19 Dec:23:23 +0000
>>>
>>>Jim Douglas wrote:
>>>
>>> > VPN w/ SSH is overkill I think, all I need is to securely access a remote
>>> > box...from Windows Client -> Linux Server.
>>>
>>>Very often that will involve PuTTY. PuTTY also makes tunnelling very
>>>easy, and is a *very* good terminal emulator.
>>>
>>> > I think I found the answer,
>>> > http://freenx.berlios.de/
>>> >
>>> > I have SSH up and running, anyone have any good links to securing my SSH
>>> > configuration?
>>>
>>>1. Stick to SSH 2 (in /etc/ssh/sshd_config, use the Protocol keyword)
>>>2. Set up private keys and disable password-based logins
>>>3. Changing the port that SSH listens on will not deter a determined
>>>    attacker, but may help you work out that you've got a determined
>>>    attacker.
>>>4. Make sure you run yum update regularly.
>>>5. Use AllowUsers or AllowGroups to limit which users can log on
>>>    remotely. Don't allow direct root logins -- get users to login as
>>>    themselves and su - (this means attackers have to work out which
>>>    usernames are valid).
>>>6. If you must use passwords, make sure they're not dictionary words and
>>>    include at least one (better, several) numbers or symbols.
>>>7. Distribute the server public keys via trusted networks -- don't trust
>>>    the client's ability to "learn" the server's key when it first
>>>    connects, since you don't know that the remote computer really *is*
>>>    your server.
>>>
>>>But really, there's not much securing needed with SSH. It's only really
>>>vulnerable to a security bug at either end, a dictionary attack, a
>>>man-in-the-middle attack during the first connection, or some new,
>>>unknown mathematics.
>>>
>>>Hope this helps,
>>>
>>>James.
>>>
>>>--
>>>E-mail:     james@ | For every complex problem, there is a solution that is
>>>aprilcottage.co.uk | simple, neat, and wrong.
>>>
>>>--
>>>fedora-list mailing list
>>>fedora-list at redhat.com
>>>To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
>>
>>
>>I saw PuTTY, it won't do everything I need....thanks for the feedback,
>>
>>One final question...
>>
>>I can connect to port 22 inside the firewall and I don't want to create
>>any holes. Can you see any problems with adding this to iptables?
>>
>>iptables -I RH-Firewall-1-INPUT 3 -p tcp -m tcp --dport 22 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
>>


I need to run Linux GUI apps with KDE, GNOME.

Jim
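
The sshd_config checks from items 1, 2 and 5 of James Wilkinson's list quoted above, as an added example that is not part of the original thread: a small auditor that applies sshd's first-value-wins rule to the global section of a config file. The default values used when a keyword is absent are assumptions for an OpenSSH of that era, and both sample configs (including the account name `jim`) are constructed.

```python
import re

# Assumed effective values when a keyword is absent (era-specific assumption).
ASSUMED_DEFAULTS = {"protocol": "2,1", "passwordauthentication": "yes",
                    "permitrootlogin": "yes"}
LINE = re.compile(r"^(\w+)(?:\s*=\s*|\s+)(.*)$")  # "Keyword value" or "Keyword=value"

def parse_global(text):
    """Return {keyword: value}; keywords are case-insensitive, first value wins."""
    seen = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:                      # blank lines, comments, bare keywords
            continue
        key = m.group(1).lower()
        if key == "match":             # conditional blocks are not audited here
            break
        seen.setdefault(key, m.group(2).strip())
    return seen

def audit(text):
    """List deviations from items 1, 2 and 5 of the hardening list."""
    cfg = {**ASSUMED_DEFAULTS, **parse_global(text)}
    findings = []
    if cfg["protocol"].replace(" ", "") != "2":
        findings.append("item 1: Protocol is %r, not 2 only" % cfg["protocol"])
    if cfg["passwordauthentication"].lower() != "no":
        findings.append("item 2: PasswordAuthentication is not 'no'")
    if cfg["permitrootlogin"].lower() != "no":
        findings.append("item 5: PermitRootLogin is not 'no'")
    if "allowusers" not in cfg and "allowgroups" not in cfg:
        findings.append("item 5: no AllowUsers/AllowGroups restriction")
    return findings

WEAK = "# constructed sample\nPort 22\nProtocol 2,1\nPermitRootLogin yes\n"
HARDENED = """\
# constructed sample; 'jim' is a placeholder account
Protocol 2
PasswordAuthentication no
PasswordAuthentication yes
PermitRootLogin no
AllowUsers jim
Match User backup
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    for name, sample in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(sample) or "no findings")
```

The second `PasswordAuthentication` line in the hardened sample is ignored because the first value is the one that takes effect, while anything inside a `Match` block is a conditional override that this check deliberately leaves out and that needs separate review.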
