Re: Security of OpenSSH versus PCAnywhere; GoToMyPC

The_nth_Traveler wrote:

[snipped]
I would prefer to use the OpenSSH/VNC route, due to the cost, and the
fact that it is open source. I am a little leary of proprietary
software, as they may have their own little "back doors" into the
data, whereas I would hope enough people would have looked at the
OpenSSH code to see any vulnerabilities in security.

Any thoughts on what would be better for a Windows host - PuTTY or
Cygwin? Or would tunneling into a Linux box securely, then VNC over to
the Windows PC be easier? Would this be more secure? (It might add a
layer of security, at least)

What about the remote? Again, I guess my choices are PuTTY or Cygwin.

As I mentioned, I will be logging into my PC from the internet, which
may or may not be behind a firewall/router.

My home system is connected to TimeWarner RoadRunner via a Linksys
router/firewall.

I'm assuming that I will also need to run some type of dynamic DNS
service, such as DynDNS, as I have a dynamic IP address. Does the use
of DynDNS cause a security risk?

Any thoughts would be greatly appreciated.


Lots of people are doing exactly what you are proposing. I'm one of
them. I would recommend copssh as the ssh server at home and PuTTY for
the client. I've used cygwin for the client too but I like being able to
double click a Putty icon on my desktop and have it set up all my
tunnels as soon as I come in each morning. I also use Pageant to cache
my private key so I don't have to bother with passwords either.

I used SSHWindows for a while and switched to CopSSH. The former hasn't
been updated in something like a year while CopSSH is constantly being
updated. Both are based on CygWin. I also found CopSSH easier to install
and configure and in my opinion it just works better. One annoying
problem I had with SSHWindows was opening a bash shell from the remote
and entering an invalid command. It wouldn't report an error in the
shell. Instead it put it in a dialog on the console and hung the bash
shell until I vnc'ed to the console and closed the dialog. It was a real
nuisance. With CopSSH if I enter an invalid command it just tells me and
goes right back to the shell prompt.

I use UltraVNC too and there's one quirk with it that really annoys me.
It may or may not affect you depending on whether you run XP Pro or XP
Home at home. I use XP HOME with FUS (fast user switching) enabled. It
lets you switch between users' desktops without logging off. UltraVNC
can't handle this. If a 2nd user logs in on the home computer and I try
to view/control it with uvnc, it boots them out to the login screen
without saving anything. The guys that wrote uvnc say it's a problem
with windows and can't be fixed but I think *anything* can be fixed. And
logmein.com (mentioned later) doesn't display this behavior.

Not that I'm trying to deter you from uvnc over an ssh tunnel, but there
are a couple of other options you didn't mention. What about using the
Windows XP IPSEC VPN? I hear it's very secure. Another option if you
really prefer Open Source is OpenVPN. I used this for a while too
because it let me customize the port it runs over. My company's FW
blocks the ports used by the VPN built into XP so I couldn't use it. If
I want a VPN I have to use one with customizable ports like OpenVPN. I
stopped using it because the only thing I was using it for was to
encrypt uvnc traffic and the ssh tunnel turned out to be 2-3x faster.

Another free option is LogMeIn.com. It's like GoToMyPC except they offer
a free version. The pay version lets you do file transfers, remote
control, and a few other things. The free version is remote control
only. The downside is it's a 3rd party and you have to ask if you really
trust them. The upside is you can access your PC from any web browser.
No need to install ssh, vpn or anything else. Just point your browser
and www.logmein.com, authenticate, and your good to go.

HTH
--
To reply by email remove "_nospam"
.