FC6 VPN

Donald Tripp dtripp at hawaii.edu
Wed Dec 20 00:59:41 UTC 2006 

Your options look to be:

http://x.cygwin.com/ (free)
http://www.labf.com/winaxe/index.html (commercial product)
http://www.microimages.com/mix/ (commercial product)

and so on, do a google search for "windowx x client":

http://www.google.com/search?hl=en&lr=&client=safari&rls=en&q=windows 
+x+client&btnG=Search


On your server side, you need to have XForwarding enabled in the /etc/ 
ssh/sshd_config file. Then you can run any application you would like  
off the server by simply running it, or if you want to run a whole  
session, use gnomesession.


- Donald Tripp
  dtripp at hawaii.edu
----------------------------------------------
HPC Systems Administrator
High Performance Computing Center
University of Hawai'i at Hilo
200 W. Kawili Street
Hilo,   Hawaii   96720
http://www.hpc.uhh.hawaii.edu


On Dec 19, 2006, at 2:33 PM, Donald Tripp wrote:

> Easily done, but not with windows... I don't know of any windows  
> ssh client that supports X forwarding, which is want you want to be  
> looking at. If you have either a linux machine, or an OS X machine,  
> than you could do this with relatively no problem. I will look into  
> this, as I have been in need of an x client for windows.
>
>
> - Donald Tripp
>  dtripp at hawaii.edu
> ----------------------------------------------
> HPC Systems Administrator
> High Performance Computing Center
> University of Hawai'i at Hilo
> 200 W. Kawili Street
> Hilo,   Hawaii   96720
> http://www.hpc.uhh.hawaii.edu
>
>
> On Dec 19, 2006, at 1:30 PM, Jim Douglas wrote:
>
>>> From: Donald Tripp <dtripp at hawaii.edu>
>>> Reply-To: For users of Fedora <fedora-list at redhat.com>
>>> To: For users of Fedora <fedora-list at redhat.com>
>>> Subject: Re: FC6 VPN
>>> Date: Tue, 19 Dec 2006 12:33:16 -1000
>>>
>>> What exactly do you need to connect to on the linux server?  
>>> Anytime  you make a connection between two computers you are  
>>> using a tcp/ip  port. SSH allows you to forward any local port to  
>>> any remote port. If  you need to connect to, say a windows share  
>>> (samba in linux world),  you would forward your local port to the  
>>> linux server through the ssh  tunnel. Sure, this isn't a true  
>>> vpn, where you would time // remote_server, but its still  
>>> friendly to use and secure.
>>>
>>>
>>> - Donald Tripp
>>>  dtripp at hawaii.edu
>>> ----------------------------------------------
>>> HPC Systems Administrator
>>> High Performance Computing Center
>>> University of Hawai'i at Hilo
>>> 200 W. Kawili Street
>>> Hilo,   Hawaii   96720
>>> http://www.hpc.uhh.hawaii.edu
>>>
>>>
>>> On Dec 19, 2006, at 12:13 PM, Jim Douglas wrote:
>>>
>>>>> From: James Wilkinson <fedora at aprilcottage.co.uk>
>>>>> Reply-To: For users of Fedora <fedora-list at redhat.com>
>>>>> To: fedora-list at redhat.com
>>>>> Subject: Re: FC6 VPN
>>>>> Date: Tue, 19 Dec:23:23 +0000
>>>>>
>>>>> Jim Douglas wrote:
>>>>>
>>>>> > VPN w/ SSH is overkill I think, all I need is to securely  
>>>>> access  a remote
>>>>> > box...from Windows Client -> Linux Server.
>>>>>
>>>>> Very often that will involve PuTTY. PuTTY also makes tunnelling  
>>>>> very
>>>>> easy, and is a *very* good terminal emulator.
>>>>>
>>>>> > I think I found the answer,
>>>>> > http://freenx.berlios.de/
>>>>> >
>>>>> > I have SSH up and running, anyone have any good links to   
>>>>> securing my SSH
>>>>> > configuration?
>>>>>
>>>>> 1. Stick to SSH 2 (in /etc/ssh/sshd_config, use the Protocol  
>>>>> keyword)
>>>>> 2. Set up private keys and disable password-based logins
>>>>> 3. Changing the port that SSH listens on will not deter a  
>>>>> determined
>>>>>    attacker, but may help you work out that you've got a  
>>>>> determined
>>>>>    attacker.
>>>>> 4. Make sure you run yum update regularly.
>>>>> 5. Use AllowUsers or AllowGroups to limit which users can log on
>>>>>    remotely. Don't allow direct root logins -- get users to  
>>>>> login as
>>>>>    themselves and su - (this means attackers have to work out  
>>>>> which
>>>>>    usernames are valid).
>>>>> 6. If you must use passwords, make sure they're not dictionary   
>>>>> words and
>>>>>    include at least one (better, several) numbers or symbols.
>>>>> 7. Distribute the server public keys via trusted networks --  
>>>>> don't  trust
>>>>>    the client's ability to "learn" the server's key when it first
>>>>>    connects, since you don't know that the remote computer  
>>>>> really  *is*
>>>>>    your server.
>>>>>
>>>>> But really, there's not much securing needed with SSH. It's  
>>>>> only  really
>>>>> vulnerable to a security bug at either end, a dictionary attack, a
>>>>> man-in-the-middle attack during the first connection, or some new,
>>>>> unknown mathematics.
>>>>>
>>>>> Hope this helps,
>>>>>
>>>>> James.
>>>>>
>>>>> --
>>>>> E-mail:     james@ | For every complex problem, there is a   
>>>>> solution that is
>>>>> aprilcottage.co.uk | simple, neat, and wrong.
>>>>>
>>>>> --
>>>>> fedora-list mailing list
>>>>> fedora-list at redhat.com
>>>>> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora- 
>>>>> list
>>>>
>>>>
>>>> I saw PuTTY, it won't do everything I need....thanks for the  
>>>> feedback,
>>>>
>>>> One final question...
>>>>
>>>> I can connect to port 22 inside the firewall and I don't want  
>>>> to  create any holes.  Can you see any problems with adding this  
>>>> to  iptables?
>>>>
>>>> iptables -I RH-Firewall-1-INPUT 3 -p tcp -m tcp --dport 22 -- 
>>>> tcp- flags SYN,RST,ACK SYN -j ACCEPT
>>>>
>>>> _________________________________________________________________
>>>> Fixing up the home? Live Search can help http://imagine-  
>>>> windowslive.com/search/kits/default.aspx?kit=improve&locale=en-  
>>>> US&source=hmemailtaglinenov06&FORM=WLMTAG
>>>>
>>>> --
>>>> fedora-list mailing list
>>>> fedora-list at redhat.com
>>>> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
>>>
>>
>>
>>> --
>>> fedora-list mailing list
>>> fedora-list at redhat.com
>>> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
>>
>>
>> I need to run Linux GUI apps with KDE, GNOME.
>>
>> Jim
>>
>> _________________________________________________________________
>> Your Hotmail address already works to sign into Windows Live  
>> Messenger! Get it now http://clk.atdmt.com/MSN/go/ 
>> msnnkwme0020000001msn/direct/01/?href=http://get.live.com/ 
>> messenger/overview
>>
>> -- 
>> fedora-list mailing list
>> fedora-list at redhat.com
>> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
>
> -- 
> fedora-list mailing list
> fedora-list at redhat.com
> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20061219/289d8625/attachment-0001.htm>

More information about the fedora-list mailing list