On Sun, 2002-02-17 at 19:37, Cheryl Homiak wrote:
> I am working on a computer for friends and want to be able to login to it
> once they take it home so I can fix things at a distance if they have a
> problem. I haven't found a howto that covers this, but if there is one
> please steer me to it and I will read it.
> My questions involve:
> 1. differences between telnet and ftp servers--right now I have ftpd and
> telnetd-ssl installed on both boxes.

You want neither installed on your friends' box. ftp servers are notoriously unsafe, and if you don't want to explicitly run an ftp server you don't want ftpd running. If you do you really want to monitor that box for security closely.

telnetd-ssl does encrypted communication. I don't know anything about it, but I'd bet what you want is ssh instead (OpenSSH, not the one in non-free). It does what telnet does and you can also transfer files securely with scp and sftp. You can easily forward X over an ssh tunnel (although it's probably no fun over a high-latency link, i.e., internet). And all this is done through an encrypted, secure connection. You can authenticate with passwords and/or public and private keys.

You get 3 levels of security:

1.) You firewall off your friends' computer, and leave the ssh port open, but only for the IP you will be connecting from
2.) You set access rights for TCP Wrappers using /etc/hosts.deny and hosts.allow
3.) You authenticate in encrypted fashion to ssh and all subsequent communication is encrypted, too

Note that X-forwarding is turned off by default in Debian (but can easily be turned on in /etc/ssh/).

Go to the lists archives at lists.debian.org and search for ssh or OpenSSH. You will find plenty of discussions on configuring and running it.

Read ssh related stuff especially here
http://www.linuxdoc.org/LDP/solrhe/Securing-Optimizing-Linux-RH-Edition-v1.3/
and also here
http://www.linuxdoc.org/HOWTO/mini/Remote-X-Apps.html

A Google search on OpenSSH returns a lot, too.

> 2. ip address to use: I have a cable connection to the Internet so only
> have one ethernet ip listed but the other box is on a ppp connection and
> two ips are given when running ipconfig.
> (3) Other things I need to do to make these connections work between
> boxes.

Since you will not be able to completely shut down outside access on the friends' box (you want to access it after all) you should be comfortable with configuring a firewall. There are GUI tools like firestarter (for Gnome). Also be sure to understand TCP Wrappers and other basic security stuff. Consider Bastille or other security tools.

Does the remote (friends') box have a dynamically assigned IP (probably, when it's on PPP)? Then you need a way to find out the current IP when you want to log in. I.e., you call your friends and you want them to know how to get it.

Also, is your box's IP dynamically assigned? Then you'll probably need to allow access for the whole pool of IPs it may be chosen from at the remote host (firewall and hosts.allow). Alternatively, you can maybe provide a way (simple script) for your friends to set those based on the current IP.

Lots of fun,
M.

--
I did not vote for the Austrian government
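
The three layers listed in the message above, as an added example that is not part of the original post: a shell script that validates one admin IPv4 address and prints, without applying, the matching settings for each layer. The use of iptables as the packet filter, the sshd daemon name in hosts.allow, the two sshd_config lines and the sample address 192.0.2.10 are assumptions, not taken from the message.

```shell
#!/bin/sh
# Added example, not from the original message. Prints (never applies) the
# settings for the three layers, restricted to one admin IPv4 address.
# Assumptions: iptables is the packet filter; sshd is the wrapper daemon name.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;   # only digits and single dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                   # split into octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac   # no leading zero, max 3 digits
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# render_access_rules ADMIN_IP: print the settings for review, or fail.
render_access_rules() {
    admin_ip=$1
    if ! valid_ipv4 "$admin_ip"; then
        echo "refusing: '$admin_ip' is not a plain IPv4 address" >&2
        return 1
    fi
    cat <<EOF
# Layer 1: packet filter, ssh (tcp/22) reachable only from the admin address
iptables -A INPUT -p tcp -s $admin_ip --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j DROP
# Layer 2, /etc/hosts.deny: refuse every wrapped service by default
ALL: ALL
# Layer 2, /etc/hosts.allow: then admit sshd from the admin address only
sshd: $admin_ip
# Layer 3, /etc/ssh/sshd_config: key authentication, X forwarding left off
PubkeyAuthentication yes
X11Forwarding no
EOF
}

# Constructed sample address (documentation range), not a real host.
render_access_rules 192.0.2.10
```

Rejecting anything that is not a literal address matters here because hosts.allow also accepts wildcards such as ALL, so an unvalidated value passed by a helper script could open the box to every host.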