XWN740 X-Windows Configuring and Using Remote Access (Chapter 13: Pages 175-192)

Presentation transcript:

XWN740 X-Windows Configuring and Using Remote Access (Chapter 13: Pages )

Agenda
Remote Access:
- Purpose of Remote Access
- Displaying on a Remote Server
- Remote Sessions: query, broadcast, indirect
- Challenges of Remote Access: Network Bandwidth & Latency, Access Control, Privacy

X Windows & Hardware: Remote Access
As defined earlier in this course, X Windows is a portable, network-transparent window system. The phrase network-transparent refers to the location-independence of the clients and server—the client may be on the same machine as the server or on machines spread all over the planet, as long as it has a network connection to the server...

Remote Access – Display Specification
Since X clients can connect to a display anywhere on the network, it is necessary to have some way of specifying the display to be used. This is done using a display specification (or displayspec). A displayspec takes this form:
    host:display[.screen]

Remote Access – Display Specification
- Host: The name or network address of the system running the X server (e.g. DNS, IP address, unix, DECnet, IPX/SPX).
- Display: The display number, greater than or equal to zero (e.g. :0, :1, :2, etc.).

Remote Access – Display Specification
- Screen: An optional screen number within the display; screens are numbered starting at zero. For example, one monitor is used to control and set up applications, and the second monitor displays live output to an audience, such as a wide-screen TV used to broadcast an organization's events...

Remote Access – Display Specification – Example
You are currently using my_server in Canada and you want to run the xclock application on other_server in Europe. The IP address of other_server is
On my_server, you must disable access control, or limit access controls (such as xhost + or xhost )
Then on my_server, issue a command like:
    xclock -display :0

Remote Access – Display Specification – Example
Note: For this to work, you may need to check your firewall settings, both on your router/switch and on the host running the X server. On a Linux system, iptables -L will show you the current firewall rules; you can configure the settings with your distribution's tools (such as lokkit or YaST) or use the iptables command.
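
As an added illustration (not part of the original slides), the shell function below parses a displayspec and reports which TCP port a firewall between the two hosts would have to pass. It assumes the X11 convention that display n listens on TCP port 6000 + n, which the slides do not state; the function name and the sample specs are constructed for this example.

```shell
# Parse an X displayspec of the form host:display[.screen] and print how a
# client would reach that X server. Assumption (not stated in the slides):
# a TCP display n is served on port 6000 + n.
displayspec_info() {
    spec=$1
    case $spec in
        *::*) echo "unsupported '::' form (DECnet or IPv6 literal): $spec" >&2
              return 1 ;;
        *:*)  ;;
        *)    echo "invalid displayspec, no ':display' part: $spec" >&2
              return 1 ;;
    esac
    host=${spec%:*}       # text before the last ':' (may be empty)
    rest=${spec##*:}      # display[.screen]
    display=${rest%%.*}
    case $rest in
        *.*) screen=${rest#*.} ;;
        *)   screen=0 ;;  # screen defaults to 0 when omitted
    esac
    # Both numbers must be plain decimal integers without leading zeros.
    for n in "$display" "$screen"; do
        case $n in
            ''|*[!0-9]*|0?*) echo "invalid number in: $spec" >&2; return 1 ;;
        esac
    done
    case $host in
        ''|unix)  # local UNIX-domain socket, nothing crosses the network
            echo "host=local display=$display screen=$screen transport=unix-socket port=none" ;;
        *)        # TCP: this is the port a firewall between the hosts must pass
            echo "host=$host display=$display screen=$screen transport=tcp port=$((6000 + display))" ;;
    esac
}

# Constructed sample specs, including one malformed entry.
for s in :0 unix:0.1 other_server:1 localhost:10.0 other_server; do
    displayspec_info "$s" || true
done
```

A spec that resolves to transport=tcp on a non-loopback host means the X protocol crosses the network unencrypted, which is the privacy challenge the later slides address with SSH.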

Enabling Remote Sessions
Display managers—such as XDM, GDM, and KDM—manage local X displays, but are also capable of managing remote displays through a protocol called X Display Manager Control Protocol (XDMCP). XDMCP enables a user to remotely log in to a server using a graphical authentication dialog. After the user has logged in, a normal session is started (including the window manager, desktop environment, and so forth), as though the user was using a local X server.

Enabling Remote Sessions
XDMCP uses both TCP and UDP on port 177. It is disabled by default in most distributions and must be enabled before remote sessions can be used; the procedure to enable it varies according to the display manager in use. Refer to X Power Tools (Pages x - x)

Remote Access – Enabling Remote Sessions
There are 3 methods in which to run X Windows to access the session manager using XDMCP:
- Query: Efficient (in terms of bandwidth) connection request to a specific host.
- Broadcast: Connection to first available host (useful for load-balancing).
- Indirect: Select host from a menu.

Remote Access – Enabling Remote Sessions – Examples
- Query: X :0 -query
- Broadcast: X :0 -broadcast
- Indirect: X :0 -indirect

Challenges of Remote Access
There are three challenges that any X remote access solution must address; one affects performance, and the remaining two affect security:
- Network Bandwidth and Latency
- Access Control
- Privacy

Network Bandwidth & Latency
Bandwidth refers to the overall network data-delivery rate; latency refers to the round-trip delay. X requires moderate network bandwidth and low latency to deliver an effective user interface.
SOLUTION: X Tunneling with SSH
Secure Shell (SSH) provides a simple and effective way to run X clients on a remote machine, addressing all three challenges of remote access. This is by far the preferred approach to running remote X clients.

Tunneling with SSH
At its most basic level, SSH provides remote shell access, acting like a secure version of telnet. But SSH also provides tunneling capability, which creates a listening port on one end of the connection and forwards any TCP/IP connections through the encrypted channel to a designated port on the remote host (or any system directly reachable from the remote host). Going one step further, SSH provides an enhanced version of the tunneling facility specifically for X traffic.

Tunneling with SSH
Once you have connected to a remote system using SSH with X11 forwarding turned on, you can start X clients. It's also possible to specify the name of the client directly on the SSH command line. For example, to run kcalc on other_server:
    ssh -X kcalc

Tunneling with SSH
"But wait—there's more!" SSH also has a compression feature, which is enabled with the -C option:
    ssh -X -C kcalc
Although this is a simple data-stream compression (like gzip), it provides at least as much benefit as LBX in most use cases.

Using Public Keys with SSH
SSH provides a simple way of starting a remote X client with a single command (Section 13.12). It's often convenient to place an SSH command in a .desktop file so that a menu option or icon will invoke a remote client automatically. It's possible to configure SSH to use public key cryptography for authentication instead of passwords. This eliminates the password prompt altogether and makes remote client execution beautifully seamless. You will see this in next week's lab...

Passphrase Protection of SSH Keys
Using SSH without public key authentication results in a password request for each new SSH connection, but using SSH with public key authentication is only as secure as the ~/.ssh/id_rsa file. If that file is compromised—by a trojan program, account compromise, or even a stolen copy of a system backup—the accounts on other hosts will also be compromised. The challenge is balancing convenience against vulnerability.

Passphrase Protection of SSH Keys
SSH provides a solution to this problem too (of course!). Your private key file can be protected by a passphrase, and the ssh-agent program can be set up to request the passphrase only once per session, regardless of how many SSH connections are later established. If the private key file is stolen, it will be useless without the passphrase. You will see this in next week's lab...
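
An added example, not from the slides: a shell function that reads only the header of a private key file such as ~/.ssh/id_rsa and reports whether it is passphrase-protected, covering the OpenSSH, legacy PEM and PKCS#8 containers. The function names and the two sample key headers are constructed for this example; the samples contain no key material.

```shell
# Report whether a private key file is passphrase-protected by reading its
# header only. Prints one of: encrypted | unencrypted | unknown
key_protection() {
    keyfile=$1
    [ -r "$keyfile" ] || { echo unknown; return 0; }
    first=$(head -n 1 "$keyfile" | tr -d '\r')
    case $first in
    "-----BEGIN OPENSSH PRIVATE KEY-----")
        # The decoded blob starts with "openssh-key-v1\0", then a 4-byte
        # length and the cipher name; cipher "none" means no passphrase.
        magic=6f70656e7373682d6b65792d763100
        none=000000046e6f6e65
        hdr=$(grep -v '^-----' "$keyfile" | tr -d '\r\n' |
              base64 -d 2>/dev/null | od -An -tx1 -N23 | tr -d ' \n')
        case $hdr in
            "$magic$none") echo unencrypted ;;
            "$magic"?*)    echo encrypted ;;
            *)             echo unknown ;;
        esac ;;
    "-----BEGIN ENCRYPTED PRIVATE KEY-----")
        echo encrypted ;;   # PKCS#8 encrypted container
    "-----BEGIN "*"PRIVATE KEY-----")
        # Legacy PEM keys flag encryption with a Proc-Type header line.
        if grep -q '^Proc-Type: 4,ENCRYPTED' "$keyfile"; then
            echo encrypted
        else
            echo unencrypted
        fi ;;
    *)  echo unknown ;;
    esac
}

# Constructed samples: header-only blobs that contain no key material.
make_sample() {   # $1 = output file, $2 = printf-escaped cipher field
    {
        echo "-----BEGIN OPENSSH PRIVATE KEY-----"
        printf 'openssh-key-v1\0'"$2" | base64
        echo "-----END OPENSSH PRIVATE KEY-----"
    } > "$1"
}
tmp=$(mktemp -d)
make_sample "$tmp/plain"  '\0\0\0\004none'
make_sample "$tmp/locked" '\0\0\0\012aes256-ctr'
for k in plain locked; do
    echo "$k: $(key_protection "$tmp/$k")"
done
```

A result of unencrypted for a key that grants access to other hosts is the case the slide describes: a stolen copy of that file is usable as-is.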