FC6 VPN

Donald Tripp dtripp at hawaii.edu
Wed Dec 20 00:33:17 UTC 2006


Easily done, but not with Windows... I don't know of any Windows ssh
client that supports X forwarding, which is what you want to be
looking at. If you have either a Linux machine, or an OS X machine,
then you could do this with relatively no problem. I will look into
this, as I have been in need of an X client for Windows.


- Donald Tripp
  dtripp at hawaii.edu
----------------------------------------------
HPC Systems Administrator
High Performance Computing Center
University of Hawai'i at Hilo
200 W. Kawili Street
Hilo,   Hawaii   96720
http://www.hpc.uhh.hawaii.edu


On Dec 19, 2006, at 1:30 PM, Jim Douglas wrote:

>> From: Donald Tripp <dtripp at hawaii.edu>
>> Reply-To: For users of Fedora <fedora-list at redhat.com>
>> To: For users of Fedora <fedora-list at redhat.com>
>> Subject: Re: FC6 VPN
>> Date: Tue, 19 Dec 2006 12:33:16 -1000
>>
>> What exactly do you need to connect to on the linux server?
>> Anytime you make a connection between two computers you are using
>> a tcp/ip port. SSH allows you to forward any local port to any
>> remote port. If you need to connect to, say a windows share
>> (samba in linux world), you would forward your local port to the
>> linux server through the ssh tunnel. Sure, this isn't a true vpn,
>> where you would time // remote_server, but it's still friendly to
>> use and secure.
>>
>>
>> - Donald Tripp
>>  dtripp at hawaii.edu
>> ----------------------------------------------
>> HPC Systems Administrator
>> High Performance Computing Center
>> University of Hawai'i at Hilo
>> 200 W. Kawili Street
>> Hilo,   Hawaii   96720
>> http://www.hpc.uhh.hawaii.edu
>>
>>
>> On Dec 19, 2006, at 12:13 PM, Jim Douglas wrote:
>>
>>>> From: James Wilkinson <fedora at aprilcottage.co.uk>
>>>> Reply-To: For users of Fedora <fedora-list at redhat.com>
>>>> To: fedora-list at redhat.com
>>>> Subject: Re: FC6 VPN
>>>> Date: Tue, 19 Dec:23:23 +0000
>>>>
>>>> Jim Douglas wrote:
>>>>
>>>> > VPN w/ SSH is overkill I think, all I need is to securely access a remote
>>>> > box...from Windows Client -> Linux Server.
>>>>
>>>> Very often that will involve PuTTY. PuTTY also makes tunnelling very
>>>> easy, and is a *very* good terminal emulator.
>>>>
>>>> > I think I found the answer,
>>>> > http://freenx.berlios.de/
>>>> >
>>>> > I have SSH up and running, anyone have any good links to securing my SSH
>>>> > configuration?
>>>>
>>>> 1. Stick to SSH 2 (in /etc/ssh/sshd_config, use the Protocol keyword)
>>>> 2. Set up private keys and disable password-based logins
>>>> 3. Changing the port that SSH listens on will not deter a determined
>>>>    attacker, but may help you work out that you've got a determined
>>>>    attacker.
>>>> 4. Make sure you run yum update regularly.
>>>> 5. Use AllowUsers or AllowGroups to limit which users can log on
>>>>    remotely. Don't allow direct root logins -- get users to login as
>>>>    themselves and su - (this means attackers have to work out which
>>>>    usernames are valid).
>>>> 6. If you must use passwords, make sure they're not dictionary words and
>>>>    include at least one (better, several) numbers or symbols.
>>>> 7. Distribute the server public keys via trusted networks -- don't trust
>>>>    the client's ability to "learn" the server's key when it first
>>>>    connects, since you don't know that the remote computer really *is*
>>>>    your server.
>>>>
>>>> But really, there's not much securing needed with SSH. It's only really
>>>> vulnerable to a security bug at either end, a dictionary attack, a
>>>> man-in-the-middle attack during the first connection, or some new,
>>>> unknown mathematics.
>>>>
>>>> Hope this helps,
>>>>
>>>> James.
>>>>
>>>> --
>>>> E-mail:     james@ | For every complex problem, there is a solution that is
>>>> aprilcottage.co.uk | simple, neat, and wrong.
>>>>
>>>> --
>>>> fedora-list mailing list
>>>> fedora-list at redhat.com
>>>> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
>>>
>>>
>>> I saw PuTTY, it won't do everything I need....thanks for the feedback,
>>>
>>> One final question...
>>>
>>> I can connect to port 22 inside the firewall and I don't want to
>>> create any holes.  Can you see any problems with adding this to
>>> iptables?
>>>
>>> iptables -I RH-Firewall-1-INPUT 3 -p tcp -m tcp --dport 22 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
>>>
>>
>
>
>
>
> I need to run Linux GUI apps with KDE, GNOME.
>
> Jim
>
> -- 
> fedora-list mailing list
> fedora-list at redhat.com
> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
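
Added example, not part of the original thread: a shell check of an sshd_config against items 1, 2 and 5 of the hardening list quoted above. The function names and the sample config are constructed for illustration, and a missing keyword is reported as a finding rather than trusting the daemon's default.

```shell
#!/bin/sh
# Added example (not from the thread): check sshd_config items 1, 2 and 5.

# Print the global value of keyword $2 in file $1, lower-cased.
# sshd uses the first occurrence of a keyword and ignores keyword case;
# lines after a "Match" line are conditional, so the scan stops there.
sshd_value() {
    awk -v key="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (!match(line, /[ \t=]+/)) next   # keyword/value separator
            k = tolower(substr(line, 1, RSTART - 1))
            if (k == "match") exit
            if (k == tolower(key)) {
                v = substr(line, RSTART + RLENGTH)
                sub(/[ \t]+$/, "", v)
                print tolower(v)
                exit
            }
        }' "$1"
}

# Report one finding and count it.
finding() { echo "FINDING: $1"; findings=$((findings + 1)); }

# Return the number of findings as the exit status (0 = checklist met).
audit_sshd_config() {
    findings=0
    [ "$(sshd_value "$1" Protocol)" = "2" ] ||
        finding "Protocol is not restricted to 2 (item 1)"
    [ "$(sshd_value "$1" PasswordAuthentication)" = "no" ] ||
        finding "password logins are still enabled (item 2)"
    [ "$(sshd_value "$1" PermitRootLogin)" = "no" ] ||
        finding "direct root logins are not disabled (item 5)"
    [ -n "$(sshd_value "$1" AllowUsers)$(sshd_value "$1" AllowGroups)" ] ||
        finding "no AllowUsers/AllowGroups restriction (item 5)"
    return "$findings"
}

# Constructed sample config: key-only logins, but SSH 1 and root still allowed.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'Protocol 2,1' \
    'passwordauthentication no' 'PermitRootLogin yes' \
    'AllowUsers jim' > "$sample"
audit_sshd_config "$sample" || echo "$? finding(s)"
rm -f "$sample"
```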
