Remote access methods ● SSH ● VPNs ● VNC ● Screen - by Alex Harris.

1 Remote access methods ● SSH ● VPNs ● VNC ● Screen - by Alex Harris

2 SSH - Uses ● Secure replacement for telnet (ssh username@server) ● Secure replacement for FTP (scp filename username@server:/path/on/server/filename) ● Tunnel other services: ssh username@server -L 82:securewebserver:80 (you point your browser at localhost:82 to use this) ● Forward X: ssh -X username@server (lower case -x will disable X forwarding) ● SOCKS proxy (ssh -D 1080 username@server)

3 SSH – keys ● Each ssh server has keys so that when a client connects to a server the server's identity is confirmed (to prevent man-in-the-middle attacks). ● If the server has not been connected to before you will get a prompt: The authenticity of host 'server (192.94.73.5)' can't be established. RSA key fingerprint is 53:2a:b3:92:a6:88:ca:c0:ff:c2:1b:d1:53:11:fc:4e. Are you sure you want to continue connecting (yes/no)? ● If the server has changed (or you have a man in the middle) you can get: (next slide)

4 garon@fileserver:~$ ssh user@server
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: POSSIBLE DNS SPOOFING DETECTED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
The RSA host key for server has changed,
and the key for the according IP address 10.xx.xxx.133
is unknown. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key have changed at the same time.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
8a:52:a2:3f:72:7a:35:7e:06:aa:9b:f2:32:45:64:d5.
Please contact your system administrator.
Add correct host key in /home/user/.ssh/known_hosts to get rid of this message.
Offending key in /home/garon/.ssh/known_hosts:13
RSA host key for olympus has changed and you have requested strict checking.
Host key verification failed.
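The decision behind the prompt on slide 3 and the warning on slide 4, as an added example that is not part of the original slides or of OpenSSH's code: it looks a host up in known_hosts text, reports whether the offered key is unknown, matching or changed, and prints the colon-separated MD5 fingerprint format the slides show. The key blobs are built from constructed numbers (not usable keys), and hashed (`|1|...`) or marker (`@...`) known_hosts entries are assumed absent.

```python
import base64
import hashlib
import struct

def _field(data: bytes) -> bytes:
    """Length-prefixed field of the SSH public key wire format."""
    return struct.pack(">I", len(data)) + data

def make_rsa_blob(e: int, n: int) -> str:
    """Base64 'ssh-rsa' blob from constructed numbers (sample data only)."""
    def mpint(x: int) -> bytes:
        # one spare bit so the number is never read as negative
        return _field(x.to_bytes((x.bit_length() + 8) // 8, "big"))
    return base64.b64encode(_field(b"ssh-rsa") + mpint(e) + mpint(n)).decode()

def md5_fingerprint(blob_b64: str) -> str:
    """Fingerprint in the aa:bb:... form printed in the messages above."""
    digest = hashlib.md5(base64.b64decode(blob_b64)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def check_host(known_hosts: str, host: str, offered_blob: str):
    """Return (status, line number): unknown -> prompt, changed -> warning."""
    first_mismatch = None
    for lineno, line in enumerate(known_hosts.splitlines(), 1):
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "|", "@")):
            continue  # comments, hashed entries and markers are not handled
        names, keytype, blob = fields[:3]
        if host not in names.split(",") or keytype != "ssh-rsa":
            continue
        if blob == offered_blob:
            return ("match", lineno)
        if first_mismatch is None:
            first_mismatch = lineno  # the "Offending key in ...:N" line
    return ("changed", first_mismatch) if first_mismatch else ("unknown", None)

# Constructed sample data: two fake keys and a three-line known_hosts file.
GOOD = make_rsa_blob(65537, 2**127 - 1)
OTHER = make_rsa_blob(65537, 2**89 - 1)
KNOWN_HOSTS = (f"# constructed file\nother.example ssh-rsa {OTHER}\n"
               f"server,192.94.73.5 ssh-rsa {GOOD}\n")

if __name__ == "__main__":
    for host, blob in (("server", GOOD), ("server", OTHER), ("newhost", GOOD)):
        print(host, md5_fingerprint(blob), check_host(KNOWN_HOSTS, host, blob))
```

On "unknown" or "changed", compare the printed fingerprint with one obtained from the system administrator over a separate channel before accepting or replacing the key.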

5 SSH – Key login ● Can use keys as a replacement for passwords to login ● Useful for scripts

6 SSH – Obtaining ● Comes with most modern Linux distributions (Red Hat, Debian, SUSE, Fedora, etc.) ● Does not come with a default Ubuntu install ● Install the openssh-server package on Ubuntu ● Available in Cygwin (openssh package) ● PuTTY is a lightweight client for Windows (does not use Cygwin) ● WinSCP is a lightweight file transfer client for Windows (does not use Cygwin).

7 SSH – getting access to it ● Normally runs on port 22 ● Your firewall must allow incoming connections to the ssh port ● Know the hostname or IP address of the ssh server ● Can use a dynamic DNS service to keep track of your computer if it isn't on a static IP (common with home cable/DSL connections).

8 SSH - Securing ● Config file is normally in /etc/ssh/sshd_config ● Use Protocol 2 (protocol 1 is insecure) ● Allow only those who need shell access to use it, everyone else should have a /bin/false (or something similar) as their shell in /etc/passwd ● Could also allow just one group (or deny several): AllowGroups sshusers - DenyGroups noshell ● PermitRootLogin no (so script kiddies can't stumble upon your root password) ● Use a different port, makes things complicated though ● Enforce strong user passwords
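A check for the sshd_config settings named on this slide, as an added example that is not part of the original slides: it parses config text and reports a finding when protocol 1 is enabled, PermitRootLogin is not explicitly "no", or neither AllowGroups nor DenyGroups is set. Both sample configs are constructed; an absent Protocol line is not flagged, on the assumption that the installed sshd defaults to protocol 2.

```python
WEAK = """\
# constructed sample, not from a real host
Port 22
Protocol 2,1
PermitRootLogin yes
"""

HARDENED = """\
# constructed sample using the values from the slide
Port 22
Protocol 2
PermitRootLogin no
AllowGroups sshusers
"""

def parse_sshd_config(text):
    """Map lower-cased keyword -> first value seen (sshd keeps the first one)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.lower().startswith("match"):
            break  # conditional Match blocks are outside this simple check
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) == 2:
            settings.setdefault(parts[0].lower(), parts[1].strip())
    return settings

def audit(text):
    """Return (keyword, problem) pairs for the settings named on the slide."""
    cfg = parse_sshd_config(text)
    findings = []
    protocol = cfg.get("protocol")
    # Assumption: a missing Protocol line means the daemon defaults to 2.
    if protocol and "1" in [p.strip() for p in protocol.split(",")]:
        findings.append(("Protocol", "protocol 1 is enabled"))
    if cfg.get("permitrootlogin", "").lower() != "no":
        findings.append(("PermitRootLogin", "not explicitly set to no"))
    if "allowgroups" not in cfg and "denygroups" not in cfg:
        findings.append(("AllowGroups/DenyGroups", "no group restriction"))
    return findings

if __name__ == "__main__":
    for name, sample in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(sample) or "no findings")
```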

9 SSH – End of, VPNs next ● Questions?

10 VPNs – Types (General) ● Gateway to Gateway (two corporate offices) ● Roadwarrior (Host to Gateway) ● Bridged (all on the same subnet) ● Routed (endpoints on different subnets) ● IPSec (The original encrypted one) ● SSL (userspace one, easier to route)

11 VPN – Types (specific) ● OpenVPN (SSL based) ● OpenSwan (IPSec based) ● Kame, ported from BSD (IPSec based) ● Hamachi (ease of use)

12 VPN – End of, VNC next ● Questions?

13 VNC – Virtual Network Computing ● Created originally by AT&T labs ● Now has a few versions available ● Used for remote display of a GUI-based desktop ● When you disconnect from a VNC desktop it will still be running on the server ● Cross platform

14 VNC - Versions ● Real VNC, modern incarnation of the original ● TightVNC, first VNC with compression ● UltraVNC, considered the most advanced version of the 3, but windows only ● A client of one will work with the server of another on at least a basic level, more advanced features may not work between them though.

15 VNC – derivative apps ● X2vnc – Allows an X based application and a vnc based desktop to be controlled with one keyboard and mouse side-by-side ● Win2vnc - allows two vnc based applications to be controlled with one keyboard and mouse side-by-side (x2x is an x-windows only counterpart). ● Gencontrol – allows one to control a windows desktop without having to install a vnc server beforehand ● Vnc2swf – record desktop activity to a swf file ● Vncselector – manage several local vncservers,

16 VNC - Security ● Designed for a LAN, do not use over an insecure network (this includes the internet). ● If you want to use it over the internet, tunnel VNC over an ssh connection, or a VPN connection. ● Run ssh user@firewall -L 5900:firewalledhost:5901 and then vncviewer localhost:5900 (if vncserver is running on “firewalledhost” behind the firewall on port 5901)

17 VNC – End of, screen next ● Questions?

18 Screen – VNC for the command line ● Allows multiple terminals ● Can be disconnected from and reconnected to at a later time from a different location (and the process will still be running, or will have finished).

19 Screen – End of, nothing left!!! ● Questions?

