LinuxQuestions.org
Old 04-16-2004, 08:24 AM   #1
djc
Member
 
Registered: Mar 2004
Posts: 54

Rep: Reputation: 15
Question Secure remote control


Anyone have any recommendations and/or links to how-tos for preferred secure methods of remote control for Linux?

I am new to Linux, coming from Windows, where I utilize Terminal Services all the time. For those not familiar with Windows, this is like VNC. I need to get the same functionality for Linux. I want to control my Linux box from a Windows machine. Can VNC do this? Is it secure? Encrypted? I was under the impression that VNC was not secure. Can VNC be combined with SSH?

Anyway, currently I am playing with SSH and X11 forwarding. I have the Cygwin/X X server installed on my Windows machine and use the PuTTY SSH client. This is nice, secure, as I understand it. But everything has to be launched from the command line separately (which is cool in a way but..). It's not really a remote 'terminal'. Meaning, I want to see my whole Linux desktop GUI.

I have read a little about XDMCP and understand it is not secure either. Is combining XDMCP with SSH a preferred method? If so, can someone point me in the direction of some good step-by-steps and/or how-tos?

Is there something else?

thanks
 
Old 04-16-2004, 09:13 AM   #2
aleet2600
LQ Newbie
 
Registered: Apr 2004
Posts: 19

Rep: Reputation: 0
I am in the same boat. I posted in Linux Software about running Windows Manager thru SSH, but got no response at all.

Same as you, the problem I am facing is that PuTTY is secured by SSH, but when I run Cygwin/X with XDMCP, it is not going thru PuTTY, therefore not thru SSH.

The way I run my Linux is, it firewalls everything except the SSH port. So the Cygwin/X XDMCP request never reached the Linux box.

The only solution I can think of is, using PuTTY SSH to proxy/forward the XDMCP port inside SSH, then it should reach Linux within SSH. I am reading on how to proxy/forward a specific port in PuTTY right now.

You said you read about XDMCP, do you know what port(s) it is using? Note that X11 is already forwarded by PuTTY, so it's just a matter of tunneling the XDMCP over PuTTY thru SSH.
 
Old 04-16-2004, 09:32 AM   #3
djc
Member
 
Registered: Mar 2004
Posts: 54

Original Poster
Rep: Reputation: 15
http://en.tldp.org/HOWTO/XDMCP-HOWTO/index.html

quote from above HOWTO:

"Using XDMCP is inherently insecure, therefore, most of the distributions shipped as it's XDMCP default turned off. If you must use XDMCP, be sure to use it only in a trusted networks, such as corporate network within a firewall. Unfortunately, XDMCP uses UDP port 177 and TCP port 6000; therefore, it is not natively able to use it with SSH. Currently, SSH1 and SSH2 are not implemented to securely forward the UDP communication.

To secure the connection with SSH, the technique is called X11 TCP/IP Port Forwarding. Check this Why Port Forwarding? site and the Resources area for additional HOW-TO information. If you would like to experiment this, I have add a little section below to show you how it works. I will give you only the basic idea how it works, and I will leave the more advanced way of running it to other experts and/or HOWTOs. "

I think this HOWTO started me in the right direction. However, I didn't get real deep into it yet. Then (like a few minutes ago) I realized I need to change distros (currently have RH9). I knew RH was discontinuing desktop distros and support; however, since their server packages are still going to be around I thought I could still get updates/patches. I'm an idiot. I am new to Linux and bought the full RH9 Pro package with DVD and books. Now I have to change to something else, so I have halted my research into the X11/SSH forwarding until I get a new distro up and running. What distro do you use?
 
Old 04-16-2004, 09:46 AM   #4
Jim.DiGriz
LQ Newbie
 
Registered: Apr 2004
Location: Tulsa, Oklahoma
Distribution: Slackware 9.1,RedHat 9, Fedora Core 1, Fedora Core 2, Redhat Enterprise Linux AS v. 3, Mac OS 10.3.3
Posts: 16

Rep: Reputation: 0
I use VNC tunnelled through SSH when I need a Linux gui remotely. Works great for me.


1. Make sure your sshd_config is set to "X11Forwarding yes" on the Linux box.
2. Run "vncserver" as your user on the Linux box (note that you shouldn't do this while you are connected w/ your port forwarded PuTTY connection, as it will be taking up the port you're trying to forward to, and the vncserver will open under a different port)
3. Set up your portforwarding config in PuTTY if that's your preferred SSH client, and connect with it.
4. Open your vncclient to connect to your localhost:<whatever port number you set in your PuTTY port forwarding config> and voilà! VNC'ed to your Linux box, with an encrypted connection by tunnelling through SSH, with the firewall only open to SSH if that's how you have it configured.

<Edit>

Note also that the default window manager for some versions of VNC is Tiny Window Manager, which while easy on the bandwidth, is ugly as hell. To change this edit your ~<your username>/.vnc/xstartup and follow the instructions in there.

</Edit>

Last edited by Jim.DiGriz; 04-16-2004 at 09:56 AM.
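
The tunnel from the steps above, as an added example that is not part of Jim.DiGriz's post: it builds the OpenSSH equivalent of the PuTTY port-forwarding entry and checks `ss -ltn` output for VNC listeners that can be reached without the tunnel. The host `user@linuxbox`, display `:1` and the sample `ss` output are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes an OpenSSH client and a VNC
# server on display :N, which listens on TCP port 5900+N.

# Map a VNC display number to its TCP port.
vnc_port() { echo $((5900 + $1)); }

# Print the client-side command for the tunnel.
#   $1 = user@host (placeholder), $2 = VNC display, $3 = local port
# Both ends are pinned to loopback, so the forwarded port is not offered to
# other machines on the client's network. -N opens the tunnel without a shell.
# Port forwarding is governed by sshd's AllowTcpForwarding (default: yes).
tunnel_cmd() {
  echo "ssh -N -L 127.0.0.1:$3:127.0.0.1:$(vnc_port "$2") $1"
}

# Read `ss -ltn` output on stdin and print every listener in the VNC port
# range (5900-5999) bound to a non-loopback address. Returns 1 if any exist.
exposed_vnc() {
  awk 'NR > 1 {
         addr = $4
         port = addr; sub(/.*:/, "", port)          # text after last colon
         host = substr(addr, 1, length(addr) - length(port) - 1)
         p = port + 0                               # force numeric compare
         if (p >= 5900 && p <= 5999 &&
             host != "127.0.0.1" && host != "[::1]") { print addr; bad = 1 }
       }
       END { exit bad }'
}

# Constructed sample of `ss -ltn` on the Linux box: display :1 is bound to
# every interface, displays :2 and :3 only to loopback.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      5      0.0.0.0:5901       0.0.0.0:*
LISTEN 0      5      127.0.0.1:5902     0.0.0.0:*
LISTEN 0      5      [::1]:5903         [::]:*'

echo "Run on the client: $(tunnel_cmd user@linuxbox 1 5901)"
printf '%s\n' "$SAMPLE_SS" | exposed_vnc ||
  echo "^ VNC listener reachable without SSH: firewall it or bind to loopback"
```

On the server, pipe real `ss -ltn` output into `exposed_vnc`; an empty result means the VNC session is only reachable from the box itself, which is what the tunnel expects. Many VNC servers accept a loopback-only option (for example `-localhost`), but check your version's man page.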
 
Old 04-16-2004, 10:23 AM   #5
djc
Member
 
Registered: Mar 2004
Posts: 54

Original Poster
Rep: Reputation: 15
thanks, that sounds like what I'm looking for. After choosing a new distro I'll play with that config
 
Old 04-16-2004, 06:56 PM   #6
aleet2600
LQ Newbie
 
Registered: Apr 2004
Posts: 19

Rep: Reputation: 0
Hey djc, I am not new to UNIX/Linux, but never really used it extensively. I am using it at work when I need some free tools. At home, I use LiveCD to boot Linux (LiveCD means you have an installed functional Linux on CD that you can boot from.) The reason I use LiveCD to boot Linux is that it greatly lowers the chance that Linux will be hacked. Hackers cannot write to the CDR. They can only hack in memory. And I use LiveCD for like 5 min at a time just to do my online banking, etc.

Oh, SSH doesn't support UDP inside SSH. And XDMCP is on UDP 177 as you know. Oh well.
Anyhow, at work, I use SuSE 9.0 because all I needed was to download 2 floppies to boot, then I installed the whole Linux thru the internet. No need to burn Linux to 3 CDs at all. This might not work for you because I have DS3 at work. Whole install took less than 2 hours.
 
  

