[NTLUG:Discuss] SSH

Jack Snodgrass jack at jacksnodgrass.com
Tue Oct 14 06:00:04 CDT 2003


couple of thoughts: 

you say "on a Windows machine driving her desktop Windows machine" 
   is that one or two windows boxes that they have? If it's two, 
   why can't one be a linux box. If you have two linux boxes you 
   can run a simple VPN with vtund on both boxes. 

speaking of VPN, why not run a VPN server on your linux box 
   and let the customer connect using MS VPN client? 

as for SSH:
   only use ssh2. 
   use Etunnel from www.vandyke.com ( $59 license ) to establish
      your ssh port forwarding. Very easy to set up. 
   www.vandyke.com also has a good, user friendly, win32 sftp 
      client and ssh client. They are very, very good programs... 
      if you have to do win32 things. Wish they had linux versions. 
      If you compared putty to secureCRT, you'd compare a yugo to 
      a dodge ram pickup (with a hemi) ;) 
   use a non-standard port for the server/client. Lots of hackers
      try and access port 22. 
   use tcpwrappers or iptables to limit access to the ssh port to 
      specific ip addresses. 
   don't allow plain text passwords. use keys only. 
      
ftp/telnet: 
   NO NO NO NO NO NO NO NO NO NO NO NO NO NO NO NO NO NO NO NO NO NO
   ( repeat this line 50000 times ) 

jack 

On Mon, 2003-10-13 at 23:15, severian at pobox.com wrote: 
> WooHoo,
>    I got a Linux box into the office doing ssh server duty forwarding ports 
> to allow my customer to work from home on a Windows machine driving her 
> desktop Windows machine.  The final trick was realizing that Putty does not 
> work right if you try to store the port forwarding information.  When I 
> passed the port forwarding information on the command line, it worked the 
> first time.  I had a Linux box doing this remote VNC months ago, but today 
> was the first day I could do it securely, with free Windows software (and my 
> Linux SSHD server on the static IP)
>    I have a few questions for people that have done this before.
> 
> 1.  I disabled type 1 ssh keys, since type 2 keys seem to be more 
> secure.  Is there any reason to allow type 1 keys?  I realize that some 
> people may have to interface with software that only supports type 1 keys, 
> but that does not apply to me.
> 2.  I generated my public keys with OpenSSH.  They work fine when I drive 
> the customer's Windows machine from my Linux machine at home.  I have not 
> figured out how to import those public keys into Putty.  By googling, I 
> find a bunch of references on how to take keys from Putty to OpenSSH, but 
> that is the wrong direction for me.
> 3.  This Linux machine has a static IP and will stay up 24/7.  I am trying 
> to figure out what I should do to the machine to make it relatively 
> secure.  I've closed obvious things like ftp and telnet.  I am tempted to 
> close just about every port except the port I use for SSH, but I wonder if 
> that is too drastic.  I have been reading a number of web sites, but I have 
> not found one that seems authoritative.  Any thoughts?
> Thanks in advance,
> Ralph
> 
> 
> 
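An added example, not part of the original message or of OpenSSH: a small Python audit of an sshd_config against the sshd-side items in the list above (ssh2 only, non-standard port, no password logins). The defaults used for unset keywords and the two sample configurations are assumptions; the IP restriction via tcpwrappers or iptables lives outside sshd_config and is not checked here.

```python
# Added example: audit an sshd_config against the checklist in the message above.
# Assumption: unset keywords fall back to the defaults of an OpenSSH server of
# that era (Protocol 2,1; Port 22; PasswordAuthentication yes). Adjust DEFAULTS
# for the version you actually run.
DEFAULTS = {"protocol": ["2,1"], "port": ["22"], "passwordauthentication": ["yes"]}


def parse_global(text):
    """Return {keyword: [values]} for the global section of an sshd_config."""
    seen = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()                # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":                    # conditional overrides start here
            break
        if key == "port":                     # Port may be given several times
            seen.setdefault(key, []).append(value)
        elif key not in seen:                 # otherwise the first value wins
            seen[key] = [value]
    return seen


def audit(text):
    """Return a list of findings; an empty list means the checklist passes."""
    cfg = {**DEFAULTS, **parse_global(text)}
    findings = []
    if cfg["protocol"] != ["2"]:
        findings.append("protocol 1 still allowed (Protocol %s)" % cfg["protocol"][0])
    if "22" in cfg["port"]:
        findings.append("listening on the standard port 22")
    if cfg["passwordauthentication"][0].lower() != "no":
        findings.append("password logins allowed; use keys only")
    return findings


# Constructed sample configurations, not taken from the thread.
WEAK = "Protocol 2,1\n#PasswordAuthentication no\n"
HARDENED = "Protocol 2\nPort 2222\nPasswordAuthentication no\nPubkeyAuthentication yes\n"

if __name__ == "__main__":
    for name, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(sample) or "ok")
```

A commented-out `PasswordAuthentication no` counts as unset, so the weak sample is reported as still allowing password logins.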



