Secure entry into remote systems
Joel Jaeggli
joelja at darkwing.uoregon.edu
Wed May 19 09:14:17 UTC 2004
ssh is about as secure as anything gets... just punch a hole through the
filewall for that one host and you should be fine. I have boxes in colo on
three continents and I don't visit them ever. oob access to serial console
and a way to reset them remotely (power switch, pc weasel, ipmi etc) are
the key components to doing that other than ssh access.
joelja
On Wed, 19 May 2004, Edward wrote:
> As most of you know, I cannot exactly call myself a noob anymore :(
>
> However, when it comes to administrating remote PCs I certainly can say
> I am.
>
> I have several servers installed at customer's premises. I used to
> simply run out there to fix any slight problems or update mail white
> lists etc.
>
> However, with a few customers more than 1.5 hours drive away, I need to
> look at remote administration. Especially for simply adding few users to
> a spamassassin white list or the like, which really only are 10 minute jobs.
>
> So, I was thinking about setting up dyndns or no-ip addresses for these
> servers, then opening up the firewall for either ssh or VPN. None of my
> customers have a static internet address.
>
> I've used ssh locally before, and that is really simple to set up, but
> because of the open hole I'll be creating my question is really: Should
> I be learning about setting up VPN tunnels into their systems instead?
>
> Anyone have any true experience using both and can shed some light on
> the security implications? Also, we're in Western Australia, with
> archaic PSTN networks (56K modem - so only 33K upstream), so any
> overheads incurred using one over the other I should also consider?
>
> If the answer is VPN - can anyone give me a link to a tutorial or
> something to get me started? I'm by now fairly versed in Linux itself
> (Since RH5.2 anyway), have compiled kernels and the like, but VPN is new
> to me.
>
> Regards,
> Ed.
>
>
>
>
--
--------------------------------------------------------------------------
Joel Jaeggli Unix Consulting joelja at darkwing.uoregon.edu
GPG Key Fingerprint: 5C6E 0104 BAF0 40B0 5BD3 C38B F000 35AB B67F 56B2
More information about the users
mailing list