[clug] Linux Security

Tony Lewis tony at lewistribe.com
Fri Jun 13 15:13:59 GMT 2008


Ian Bardsley wrote:
> As I'm sure that at some point they are going to break something with 
> this system, I have been researching how to set this box up to allow 
> SSH over the internet through which I plan to tunnel VNC (I hope) in 
> the hope that I may be able to fix up damage if it occurs without 
> driving to Wagga.

As a simpler solution, I'm a fan of OpenVPN.  You can then natively VNC 
or SSH to their box without having to worry about NAT etc.  And once 
it's running, it's much easier to use in day-to-day operation than 
tunnelling.

In its narrowest form, it puts a virtual network interface on each of 
the boxes you connect, and allows you to use normal network connectivity 
to attach to the box (VNC, SSH etc).  The VPN itself takes care of 
encrypting and transporting the packet to the other end.

You could go further and allow either or both ends to then route to the 
networks that these machines are on.  It's a bit more effort to set up, 
and carries extra security risks, but the ability to attach from any 
given machine on your network to any given machine on theirs might be 
useful.  You decide.

There are other things to consider, so in retrospect, maybe it's not 
such a simple solution.  Worth considering, though.

Tony Lewis


