
Re: SSH & VPN's




I would just like to say: damn. That's really really really tight security.

Is sshd the only daemon you have running accepting outside connections, or
do you have any kind of mail daemon or something running? Other than that,
or possibly breaking into your house, and torturing you into logging in
there really isn't any other way on to those systems. Very impressive.

I'm curious as to whether you have had any kind of break-in where you work?

--
-------------------------------------------------------------------------------
         Finger syellig@deepthought.dyndns.com for PGP public keys.
-------------------------------------------------------------------------------

On Mon, 22 Dec 1997, Bruce Smith wrote:

> > What actually led me to SSH was the Linux VPN-mini-HOWTO.  VPN = Virtual
> > Private Network,  or creating encrypted connections between networks over the
> > internet.  Because dialing into a getty/login doesn't cut it any more,  and I
> > want to get away from having to support dial in modems (YUCK).  If I can get
> > this to work I hope to be able to run telnet, X, and ICA (NT/Winframe) just
> > like I can from my workstation at the office. Although much slower. I'm 99.44%
> > of the way to having it working.  You actually run pppd over the pts allocated
> > for the SSH session!  Like an interface within an interface,  whoever came up
> > with that is brilliant.
> 
> I also use SSH as a kind of a VPN.  It works great, in fact I'm using
> it right now doing my email.  I live in Portage and work in Three Rivers.  
> This way I can connect into work with only a local phone call (to my ISP)
> instead of long distance to Three Rivers.  Saves a ton of money.
> 
> I never tried ICA once I'm connected in.  I'll have to play with that.  
> We have a couple NTrigue servers that can accept ICA or X connections.
> 
> I believe the security of SSH is excellent, but I took it one step
> farther.  My sshd_config file has all remote IP addresses denied.
> I then wrote a front end network/socket program that does a sort
> of one time password scheme that I came up with myself.  So before
> I can do a slogin or ssh command, I have to authenticate myself
> with my front end program, otherwise sshd will not let me connect.
> The one-time password is random each time, and I have to decode it 
> with a different program on my home PC, and send back the right 
> challenge key and then it notifies sshd to let me in.  A cron job 
> on the host removes old IP address from sshd later.
> 
> Call me paranoid about security, but I have the firewall set
> to the strictest it can be, and proxy almost all outgoing 
> and incoming connections (including SMTP) thru a proxy
> server setting outside my firewall.  Better safe than . . .
> 
> --------------------------------------------
> Bruce Smith                bruce@armintl.com
> System Administrator / Network Administrator
> Armstrong International, Inc.
> Three Rivers, Michigan  49093  USA
> --------------------------------------------
>
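The front-end gate Bruce describes (a fresh random challenge per attempt, a response computed on the home PC, the client IP then opened to sshd and later swept by cron) is sketched below as an added example; it is not Bruce's program, whose scheme is not shown. It assumes a keyed HMAC for the response instead of his home-grown decoder, an injectable clock, and a constructed shared key and client address.

```python
import hashlib
import hmac
import os
import time


class KnockGate:
    """Challenge-response front end that temporarily allow-lists a client IP."""

    def __init__(self, shared_key: bytes, ttl_seconds: int = 600, now=time.time):
        self._key = shared_key
        self._ttl = ttl_seconds
        self._now = now                # injectable clock (assumption, for testing)
        self._pending = {}             # ip -> (challenge, issued_at)
        self._allowed = {}             # ip -> expiry timestamp

    def issue_challenge(self, ip: str) -> bytes:
        """Fresh random challenge each attempt; replaces any earlier one for this ip."""
        chal = os.urandom(16)
        self._pending[ip] = (chal, self._now())
        return chal

    @staticmethod
    def answer(shared_key: bytes, challenge: bytes) -> bytes:
        """What the home PC computes from the challenge (HMAC-SHA256, an assumption)."""
        return hmac.new(shared_key, challenge, hashlib.sha256).digest()

    def verify(self, ip: str, response: bytes, max_age: float = 30.0) -> bool:
        """One shot: the pending challenge is consumed whether or not the answer is right."""
        entry = self._pending.pop(ip, None)
        if entry is None:
            return False
        chal, issued = entry
        if self._now() - issued > max_age:          # stale challenge, refuse
            return False
        if not hmac.compare_digest(self.answer(self._key, chal), response):
            return False
        self._allowed[ip] = self._now() + self._ttl  # open sshd for this ip until expiry
        return True

    def is_allowed(self, ip: str) -> bool:
        exp = self._allowed.get(ip)
        return exp is not None and self._now() < exp

    def sweep(self) -> list:
        """The 'cron job': drop expired entries and return the ips removed."""
        now = self._now()
        expired = [ip for ip, exp in self._allowed.items() if exp <= now]
        for ip in expired:
            del self._allowed[ip]
        return expired
```

In a real deployment the allow-list would be written out to the sshd host-access file and sshd told to re-read it; here it is kept in memory so the logic can be exercised on its own.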