FC6 VPN

Jim Douglas jdz99 at hotmail.com
Tue Dec 19 19:17:57 UTC 2006


>From: James Wilkinson <fedora at aprilcottage.co.uk>
>Reply-To: For users of Fedora <fedora-list at redhat.com>
>To: fedora-list at redhat.com
>Subject: Re: FC6 VPN
>Date: Tue, 19 Dec:55:04 +0000
>
>Jim Douglas wrote:
> > Can I use OpenSSH with the above software?  I just finished setup and
> > configuration of OpenSSH when I saw this post on VPN.
> >
> >   I only need to access one remote Linux box at a time.
>
>Mike McGrath wrote:
> > Sure it could though OpenSSH is considered "secure" by most.  You
> > could add OpenVPN as an extra level of security, though I've never
> > done that.
>
>jack wallen asked:
> > i have to ask - how does one use ssh as a vpn?
>
>Well, normally, you don't -- the debate was about using SSH over a VPN.
>As Mike says, it works, it provides an extra layer of "defence in depth"
>security (it doesn't matter if there happens to be a security breach in
>the VPN if an attacker can't decode the SSH, and there's nothing
>vulnerable at either end of the VPN), and it makes it slightly less
>obvious that you're using SSH.
>
>But it is possible to use SSH either as a "poor man's" VPN, or as a
>"sort-of" VPN. I've never done a full VPN over SSH, but I'd start by
>reading http://tldp.org/HOWTO/ppp-ssh/index.html. The advantage of a SSH
>VPN is that SSH tends to be a lot less picky about the sort of network
>connections it gets than many VPNs, and SSH itself is easier to set up.
>Disadvantages include that SSH is supposed to be a poor transport for IP
>packets, and that if the SSH connection drops, so do all communications.
>
>You might get on better with port-forwarding. This can be as simple as
>ssh -L 5900:192.168.1.55:5901 vncuser@jimdouglas.example.com
>This connects you to a computer called jimdouglas.example.com, logs you
>in as vncuser (through a password or private key), and creates a tunnel
>between port 5900 on your machine and port 5901 on 192.168.1.55 on the
>same local network as jimdouglas.example.com (it might or might not be
>the same computer as jimdouglas.example.com). That then allows you to
>connect a VNC viewer to port 5900 on your own machine, and log into
>192.168.1.55.
>
>It works very well for simple one-port protocols like VNC. It can be
>more of a challenge to get it to work with SMB or NFS (usually I don't
>bother and just sftp what I need).
>
>The advantage of this is that it's easy to set up SSH and be sure it's
>going to work, and then it's practical to set up tunnels as needed
>remotely.
>
>Hope this helps,
>
>James.
>
>--
>E-mail:     james@ | top! to bottom from or backwards read not do I, post top
>aprilcottage.co.uk | not do Please
>                    |     -- Jeff Vian

VPN w/ SSH is overkill I think, all I need is to securely access a remote 
box...from Windows Client -> Linux Server.

I think I found the answer,

http://freenx.berlios.de/

I have SSH up and running, anyone have any good links to securing my SSH 
configuration?

Jim
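
A defender-side check tied to the `ssh -L` tunnel in the quoted message and to the question above about securing the SSH configuration, added here as an example; it is not part of the original thread. The function name `audit_sshd`, its policy and both sample configs are constructed, and the defaults it assumes for absent keywords are those of a current upstream OpenSSH release.

```sh
# audit_sshd: read sshd_config text on stdin, print one "WEAK ..." line per finding.
# Policy (this example's choice): no root login, no password login, forwarding off
# globally, and any Match block that forwards must pin its targets with PermitOpen.
audit_sshd() {
  awk '
    function endblock() {          # evaluate the Match block that just ended
      if (block != "" && fwd != "no" && !pinned)
        print "WEAK " block ": forwarding without PermitOpen"
    }
    BEGIN {                        # upstream defaults, used when a keyword is absent
      n = split("permitrootlogin passwordauthentication allowtcpforwarding", keys, " ")
      val["permitrootlogin"] = "prohibit-password"
      val["passwordauthentication"] = "yes"
      val["allowtcpforwarding"] = "yes"
    }
    NF == 0 || $1 ~ /^#/ { next }  # skip blank lines and comments
    { k = tolower($1) }            # keywords are case-insensitive
    k == "match" {                 # a new block inherits the global forwarding value
      endblock(); block = $0; fwd = val["allowtcpforwarding"]; fset = 0; pinned = 0; next
    }
    block != "" {                  # inside a Match block: first value of a keyword wins
      if (k == "allowtcpforwarding" && !fset) { fwd = tolower($2); fset = 1 }
      if (k == "permitopen" && tolower($2) != "any") pinned = 1
      next
    }
    (k in val) && !(k in seen) { seen[k] = 1; val[k] = tolower($2) }
    END {
      endblock()
      for (i = 1; i <= n; i++)
        if (val[keys[i]] != "no") print "WEAK " keys[i] "=" val[keys[i]]
    }
  '
}

# Constructed sample: permissive settings, vncuser may forward to any host:port
WEAK_CONFIG='PermitRootLogin yes
PasswordAuthentication yes
Match User vncuser
    AllowTcpForwarding yes'

# Constructed sample: key-only logins, vncuser limited to the tunnel target quoted above
HARDENED_CONFIG='PermitRootLogin no
PasswordAuthentication no
AllowTcpForwarding no
Match User vncuser
    AllowTcpForwarding local
    PermitOpen 192.168.1.55:5901'

printf '%s\n' "$WEAK_CONFIG" | audit_sshd      # four findings
printf '%s\n' "$HARDENED_CONFIG" | audit_sshd  # no output
```

On a live host, `sshd -T` prints the effective settings after defaults and includes are applied. The sshd_config man page notes that disabling TCP forwarding only improves security for accounts that are also denied shell access.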
