[clug] Linux Security

Tony Lewis tony at lewistribe.com
Fri Jun 13 15:13:59 GMT 2008

Ian Bardsley wrote:
> As I'm sure that at some point they are going to break something with 
> this system, I have been researching how to set this box up to allow 
> SSH over the internet through which I plan to tunnel VNC (I hope) in 
> the hope that I may be able to fix up damage if it occurs without 
> driving to Wagga.

As a simpler solution, I'm a fan of OpenVPN.  You can then natively VNC 
or SSH to their box without having to worry about NAT etc.  And once 
it's running, it's much easier to use in day-to-day operation than 

In it's narrowest form, it puts a virtual network interface on each of 
the boxes you connect, and allows you to use normal network connectivity 
to attach to the box (VNC, SSH etc).  The VPN itself takes care of 
encrypting and transporting the packet to the other end.

You could go further and allow either or both ends to then route to the 
networks that these machines are on.  It's a bit more effort to set up, 
and carries extra security risks, but the ability to attach from any 
given machine on your network to any given machine on theirs might be 
useful.  You decide.

There are other things to consider, so in retrospect, maybe it's not 
such a simple solution.  Worth considering, though.

Tony Lewis

More information about the linux mailing list