Re: VNC Security
From: Andy Bruce - softwareAB (andy_at_softwareab.net)
Date: Tue, 26 Apr 2005 15:35:36 -0400 To: Conlan Adams <email@example.com>
In all of these scenarios, you do the setup before hand. All of these
scenarios are easily installed, and configured as a tech, and are as
simple as 1-3 clicks for a user, no config, because everything (ssh
keys, vpn preshared keys, etc) are all saved and stored in advance.
A moment of setup in advance saves you hours of support later.
I couldn't agree more. However, in my case I don't have access to these remote users PCs. They don't work for me or any particular company. In the usual case, they call in with a problem out of the blue. Sometimes I can help them without logging in. Sometimes I can't.
For our internal boxes, I happen to use either the full Cygwin package or at least openssh for the users I work with. Then they just open port 22 (I normally don't want them to keep even that open) and I login and get work done. While I wouldn't call getting an SSH daemon setup on windows *correctly* a "moment" (google "sshd problems windows" for why...) it's well worth the effort. Public/private keys are even better. It's just that in many situations it's not possible to do the setup before hand.