Remote connections to linux
Download
1 / 27

Remote connections to LINUX - PowerPoint PPT Presentation


  • 67 Views
  • Uploaded on

Remote connections to LINUX. Virtual Network Computing SSH – puTTY Not a security talk. Ask Question NOW. Just Yell it out This is really informal. Who is Robert Searle. Software (JAVA) developer for 6 + years Not a Linux GURU, Security Expert or Consultant

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Remote connections to LINUX' - zaltana-torres


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Remote connections to linux

Remote connections to LINUX

Virtual Network Computing

SSH – puTTY

Not a security talk

Presented by Robert Searle from PlatinumJava.com


Ask question now
Ask Question NOW

  • Just Yell it out

  • This is really informal

Presented by Robert Searle from PlatinumJava.com


Who is robert searle

Who is Robert Searle

Software (JAVA) developer for 6+ years

Not a Linux GURU, Security Expert or Consultant

The information is offered ‘as-is’

There is no implied or expressed warranty of any kind

Hopefully accurate but please verify it with a professional

Security issues are always changing keep up-to-date

No system is hacker proof!

Presented by Robert Searle from PlatinumJava.com


Study it budgets opening up to linux
Study: IT Budgets Opening Up to Linux

  • http://www.newsfactor.com/perl/story/12808.html

  • Just a really cool picture

Presented by Robert Searle from PlatinumJava.com


What is vnc

What is VNC

a remote display system which allows you to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures

Presented by Robert Searle from PlatinumJava.com


Virtual network computing
Virtual Network Computing

  • http://www.uk.research.att.com/vnc/

  • The GNU General Public License

    • http://www.uk.research.att.com/vnc/gpl.html

  • ‘Remote Desktop’

Presented by Robert Searle from PlatinumJava.com


Getting started with vnc
Getting Started with VNC

  • vncserver :2

    • vncpasswd

    • xterm -display snoopy:2 &

    • vncserver -kill :2

    • http://snoopy:5800+display number/

      • Java-capable browser! - unless a proxy to connect

Presented by Robert Searle from PlatinumJava.com


How to make vnc faster
How to make VNC faster?

  • http://www.uk.research.att.com/vnc/faq.html#q50

  • Don't use 24-bit color if you can use 16 or 8

  • On Unix you can run multiple servers, so a big 16-bit desktop for work and a small 8-bit for home.

    • run happily at lower resolution.

      • A 1280x1024 screen has more then 4 times as many pixels as a 640x480 one,

      • if all you are doing is checking a printer queue you probably don't need them all!

      • Note, though, that on WinVNC, 16-bit colour is usually the best to use. See below…

Presented by Robert Searle from PlatinumJava.com


How does it work
How does it work

  • http://www.uk.research.att.com/vnc/docs.html

Presented by Robert Searle from PlatinumJava.com


Demo of vnc
DEMO of VNC

  • Go to WEB Site

  • Read “Getting Started”

    • Download

    • Install

    • Run

    • Use

Presented by Robert Searle from PlatinumJava.com


Security and vnc

Security and VNC

Access to your VNC desktop generally allows access to your whole environment, so security is obviously very important for internet users.

Presented by Robert Searle from PlatinumJava.com


How secure is vnc
How secure is VNC?

  • VNC uses a challenge-response password scheme to make the initial connection:

    • the server sends a random series of bytes, which are encrypted using the password typed in, and then returned to the server, which checks them against the 'right' answer.

  • After that the data is unencrypted and could, in theory, be watched by other malicious users

Presented by Robert Searle from PlatinumJava.com


Will vnc work through a firewall
Will VNC work through a firewall

  • Many modern firewalls will allow outgoing connections initiated from inside, so you can often access servers on outside machines.

  • If your internet access is through a router which does Network Address Translation, you may be able to configure the router to redirect particular incoming ports to particular machines.

    • WinVNC with a display number of 0 on machine snoopy, and with display 1 on machine woodstock

    • Set your router to send port 5900 to snoopy and 5901 to woodstock.

Presented by Robert Searle from PlatinumJava.com


Tcp ip ports uses vnc
TCP/IP ports uses VNC

  • The most important one is 59xx, where xx is the display number. The VNC protocol itself runs over this port.

  • So for most PC servers, the port will be 5900, because they use display 0 by default.

  • If given a display number larger than 99, will interpret it as a direct port number and will not add 5900.

  • If you are running a viewer in ‘listening’ mode, where it accepts connections initiated by the server, it will listen for incoming VNC on port 5500.

Presented by Robert Searle from PlatinumJava.com


Securing vnc
Securing VNC

  • Since VNC runs over a simple single TCP/IP socket, it is easy to add support for SSL

    • or some other encryption scheme if this is important to you,

    • or to tunnel it through something like SSH or Zebedee.

    • Block ports 5900 – 5999

Presented by Robert Searle from PlatinumJava.com


Secure shell

Secure SHell

Login window to a remote machine.

traffic is encrypted between the two machines using public key encryption. 

ssh snoopy

just like a telnet session, but safer

Presented by Robert Searle from PlatinumJava.com


Putty a free win32 telnet ssh client
PuTTY: A Free Win32 Telnet/SSH Client

  • http://www.chiark.greenend.org.uk/~sgtatham/putty/

  • A better telnet

    • color support

    • Tab support

    • Encryption

Presented by Robert Searle from PlatinumJava.com


Demo of putty
Demo of puTTY

  • Use root

    • It safer than telnet

  • Login

  • I do not know how to allow any IP address to login through SSH

    • Does the audience?

Presented by Robert Searle from PlatinumJava.com


15 min break
15 min Break

Presented by Robert Searle from PlatinumJava.com


Making vnc more secure using ssh

Making VNC more secure using SSH

http://www.uk.research.att.com/vnc/sshvnc.html

This is reasonably secure; the password is not sent over the network.

Connected however, traffic between the viewer and the server is unencrypted, and could be snooped by someone with access.

Presented by Robert Searle from PlatinumJava.com


Sshd has tricks up its sleeve
SSHd has tricks up its sleeve

  • You can also request that it listens on a particular port on your local machine, and forwards that down the secure connection to a port on a machine at the other end.   For example,

    • ssh -L x:snoopy:y snoopy

  • means “Start an SSH connection to snoopy, and also listen on port x on my machine, and forward any connections there to port y on snoopy.”

Presented by Robert Searle from PlatinumJava.com


Piping vnc
Piping VNC

  • Now, the VNC protocol normally uses TCP port 59xx, where xx is the display number of the server. 

  • If you forward these ports to a remote machine, you can make the remote VNC server appear to be a server running on your local machine (fw to win)

  • Imagine you had a VNC server running as display :1 on machine snoopy, and you wanted a secure connection to it from your local machine

Presented by Robert Searle from PlatinumJava.com


Ssl ish vnc via ssh
SSL-ish—VNC via SSH

  • You could start the ssh session using:

    • ssh -L 6902:snoopy:5901 snoopy

  • any references to display :2 on your local machine would actually connect to display :1 on snoopy, so instead of running a vncviewer:

    • vncviewer snoopy:1 (unsecure!!)

  • you could run:

    • vncviewer localhost:2 (going through SSH encryption)

Presented by Robert Searle from PlatinumJava.com


Demo of vnc ssh
DEMO of VNC-SSH

  • DEMO of vnc with ssh

  • Ipchains or iptables

    • Show it’s logs

Presented by Robert Searle from PlatinumJava.com


How safe is it now

How safe is it now?

How safe is

your firewall?

your physical machine?

The password system?

How up-to-date is

Your firewall?

Your packages?

bind

sshd

vnc

ssl

Seek a professional!

Risk Vs Benefits

Presented by Robert Searle from PlatinumJava.com


Well did i kill anyone
Well, did I kill anyone?

  • Read the VNC website

  • Slides will be available later…

  • http://www.platinumjava.com

    • I am still redesigning the site, so any comments are welcome!

    • How could this presentation be better?

      • Voting on web site…

      • E-mail me

Presented by Robert Searle from PlatinumJava.com


Bye

Thanks for coming to the TLUG presentation and remember to give your feedback to me about the VNC presentation!

Presented by Robert Searle from PlatinumJava.com


ad