Re: Questions on secure remote access to Fedora Core 2



On 2006-10-26, C. J. Clegg <reply.in.group@xxxxxxxxx> wrote:

> I've been reading up on Virtual Private Networks (VPN) over the last
> couple of days but it seems that they are mostly intended to link up two
> private LANs, not provide secure access to a publicly-visible server.

That's not really true. You can use openvpn to link up a remote client
to a server on site pretty easily. IIRC they have docs on this
configuration (it's not trivial).

> I have been told that I can enable only ssh (and not telnet or rlogin or
> ftp or etc.) and that trusted users can tunnel other protocols (e.g. ftp)
> under ssh. That sounds interesting but is that really the most secure way?
>
> Anyway I am unclear on just what it is that makes ssh more secure than,
> say, telnet. If I set up sshd and someone has an ssh client on their
> computer, and they know a valid userID and password on my machine, then
> they're in just as easily with ssh as with telnet, near as I can see.

With telnet it's easy to sniff passwords because it's unencrypted. With
ssh it's not easy to sniff passwords because it's encrypted. The
encryption is not impossible to crack, but it's not at all easy.

If all your users need is command-line access, ssh, scp, and sftp will
be plenty secure unless you're incredibly paranoid. You can provide
https access, as well, for encrypted web applications. The only hitch
is email, which doesn't really support encryption directly, but if
that's an issue you can have your users use an MUA that can use PGP or
gpg, and they can use that for encrypting the body of their email.

--keith

--
kkeller-usenet@xxxxxxxxxxxxxxxxxxxxxxxxxx
(try just my userid to email me)
AOLSFAQ=http://www.therockgarden.ca/aolsfaq.txt
see X- headers for PGP signature information
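
Added example, not part of the original post: a check that a server exposes ssh but none of the unencrypted login services named in the thread (telnet, rlogin, ftp), run here over a constructed listener table in the layout of `netstat -tln`. The sample table and the function names are assumptions made for illustration; sshd is assumed to be on its default port.

```python
# Added example: audit a listener table for cleartext login services.
# SAMPLE_NETSTAT is constructed input in the layout of `netstat -tln`.

# Well-known ports of services that send credentials unencrypted.
CLEARTEXT_PORTS = {21: "ftp", 23: "telnet", 512: "rexec", 513: "rlogin", 514: "rsh"}
SSH_PORT = 22  # assumption: sshd listens on its default port

SAMPLE_NETSTAT = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
tcp        0      0 :::21                   :::*                    LISTEN
tcp        0      0 127.0.0.1:513           0.0.0.0:*               LISTEN
"""

def parse_listeners(text):
    """Return (address, port) for every TCP socket in LISTEN state."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp") or fields[-1] != "LISTEN":
            continue
        # rpartition keeps IPv6 forms such as ":::21" intact on the left side.
        addr, _, port = fields[3].rpartition(":")
        if port.isdigit():
            listeners.append((addr, int(port)))
    return listeners

def is_loopback(addr):
    """A loopback-only listener cannot be reached or sniffed over the network."""
    return addr.startswith("127.") or addr == "::1"

def audit(text):
    """Flag cleartext login services reachable from the network."""
    listeners = parse_listeners(text)
    exposed = sorted(
        (port, CLEARTEXT_PORTS[port], addr)
        for addr, port in listeners
        if port in CLEARTEXT_PORTS and not is_loopback(addr)
    )
    ssh_up = any(port == SSH_PORT for _, port in listeners)
    return {"ssh_listening": ssh_up, "cleartext_exposed": exposed}

if __name__ == "__main__":
    report = audit(SAMPLE_NETSTAT)
    print("sshd listening:", report["ssh_listening"])
    for port, name, addr in report["cleartext_exposed"]:
        print(f"disable {name}: listening on {addr}:{port} without encryption")
```

On a live host, pass the text output of `netstat -tln` to `audit()` in place of the sample.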
