On Saturday 30 December 2006 15:22, Colm Buckley wrote:
> On 30/12/06, Timothy Murphy <tim at birdsnest.maths.tcd.ie> wrote:
> > What is the safest way of accessing a Linux home computer from outside?
> > I'm running Fedora-6 with shorewall.
> SSH is generally considered secure if you have good password choices -
> or better, only use pre-shared keys. It's not a great idea to just
> leave the ssh port open to the outside world (you get a lot of
> dictionary attacks), so a combination of:
> * Run ssh from a port other than 22
> * Restrict the IP ranges from which connections can be made
> * Implement port knocking
> SSH of course only gives you the text console by default, but you can
> tunnel other TCP protocols over an established SSH connection. If you
> want to access the graphical (X) screen over a high-latency or
> low-bandwidth link, an accelerator such as NX is probably a good idea.
It's worth considering that the link constraint also applies to the target
server (so even if you are on a very well connected network at the client
end, if the server is talking to you through a 128kbps upstream, you _will_
feel the hurt).
What are you trying to access? Is it just shell mode operations? If you
don't need GUI elements but may need other protocols such as POP3 and HTTP,
ssh tunneling can carry the day nine times out of 10 and I suspect it would
suit the needs in this case, but in the more general case openvpn is worth
a look.
Paul
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
