SSH

Protecting your Linux box

SSH

Postby farhantoqeer » Wed Oct 09, 2002 12:07 am

is it feasible to use SSH for client computers to access internet :?:
farhantoqeer
Major General
 
Posts: 917
Joined: Thu Jun 27, 2002 5:45 pm
Website: http://www.emergen.biz
Location: Karachi

Re: SSH

Postby AsadR » Wed Oct 09, 2002 5:37 am

farhantoqeer wrote:is it feasible to use SSH for client computers to access internet :?:


:?:

What exactly do you mean by "access the internet". Do you mean to have SSH as a tunnel for some other protocol or just for plain remote access?
AsadR
Lance Naik
 
Posts: 36
Joined: Sat Sep 14, 2002 11:27 am
ICQ: 8374759
Location: Khi.pk

Postby farhantoqeer » Wed Oct 09, 2002 11:45 am

well, i mean that suppose i connect my server with internet and allow my user to login via ssh anduse internet without having any proxy server. that is the process will be executed at server not his machine.
farhantoqeer
Major General
 
Posts: 917
Joined: Thu Jun 27, 2002 5:45 pm
Website: http://www.emergen.biz
Location: Karachi

Postby AsadR » Wed Oct 09, 2002 12:59 pm

farhantoqeer wrote:well, i mean that suppose i connect my server with internet and allow my user to login via ssh anduse internet without having any proxy server. that is the process will be executed at server not his machine.


Do you want the SSH server to act as an authentication agent before you allow the client to access the internet through the server transparently using NAT?? (ie: a NAT with ACLs)
Or, as a last guess, do you just want your client to have access to cmd line utlillities such as lynx, ftp, wget and the like which he/she uses by connecting to your server through SSH?

:?
Last edited by AsadR on Wed Oct 09, 2002 7:21 pm, edited 1 time in total.
AsadR
Lance Naik
 
Posts: 36
Joined: Sat Sep 14, 2002 11:27 am
ICQ: 8374759
Location: Khi.pk

Postby farhantoqeer » Wed Oct 09, 2002 1:19 pm

when user connects thru ssh she can use graphical applications like konqueror,mozilla,kmess,gnumeric,kcalc etc, etc. i hv tested it and it is working. I connected my server with internet and login from other machine via ssh into my server. i executed mozilla, mozilla starts at my machine and it gives access to internet from the connected session of internet. and yes ofcourse authentication also takes place at server.
farhantoqeer
Major General
 
Posts: 917
Joined: Thu Jun 27, 2002 5:45 pm
Website: http://www.emergen.biz
Location: Karachi

Postby fawad » Wed Oct 09, 2002 7:22 pm

Farhan, this is a good approach for remote X. However, you'll have to keep in mind the load it'll put on the server machine with a large number of clients running GUI apps on the server. If you're ok with thick clients, you can set up the client accounts with rsh and have them forward the squid port to the client. That'll significantly reduce the reserver load as well as network traffic.
fawad
Site Admin
 
Posts: 918
Joined: Wed Aug 07, 2002 8:00 pm
ICQ: 17672437
Website: http://www.fawad.net
WLM: fawadhalim@hotmail.com
Yahoo Messenger: fawad2048
AOL: fawadhalim
Location: Addison, IL

Postby farhantoqeer » Wed Oct 09, 2002 9:55 pm

OK, i will check it on Friday. Thanx!
farhantoqeer
Major General
 
Posts: 917
Joined: Thu Jun 27, 2002 5:45 pm
Website: http://www.emergen.biz
Location: Karachi

Postby gh4z4nf4r » Tue Oct 29, 2002 8:16 pm

i have a netowrk of win98 and win2000 clients connected to out side via linux box i have done NAT and they are accessing internet successfully .But i also want to authenticate each user what should i use.......
gh4z4nf4r
Naik
 
Posts: 65
Joined: Mon Oct 14, 2002 3:51 pm
WLM: gh4z4nf4r@hotmail.com
Yahoo Messenger: gh4z4nf4r@yahoo.com
Location: Wah Cantt

Postby majorwoo » Sun Nov 24, 2002 10:26 am

you can set up samba to be a PDC and have it authenticate logon to the machine (although win98 can not participate in this 100%)

www.tldp.org has a samba howto, you want to set it up as a PDC (Primary Domain Controller)
before you try that, make sure you get samba setup and able to have thewindows machines see a share on the linux machine via samba, cause samba causes alot of problems - so take it one step at a time.
_________________
majorwoo

Quiet brain, or I'll stab you with a Q-tip.
majorwoo
Lance Naik
 
Posts: 19
Joined: Sun Nov 24, 2002 8:35 am
Website: http://majorwoo.hopto.org
AOL: majorwoo
Location: Daytoan Beach, FL - USA

Postby gh4z4nf4r » Mon Nov 25, 2002 3:51 pm

thanks i would do that ..first i will try to make my linux box pdc for the internal network ...but next thing is that this linux box is in the network of windows and having its own clients too...is it possible that it's share could be seen on the outside network and it could access theres too....i am asking this because i learned in a howto that a samba can be a client or server at the same time ?
thanks in advance for this long question :roll:
gh4z4nf4r
Naik
 
Posts: 65
Joined: Mon Oct 14, 2002 3:51 pm
WLM: gh4z4nf4r@hotmail.com
Yahoo Messenger: gh4z4nf4r@yahoo.com
Location: Wah Cantt

Postby zafarameer » Sat Sep 13, 2003 7:44 pm

depend upon security level, if security is major feature then YES otherwise not necessry
Be A Helping Hand 4 Others...
zafarameer
Cadet
 
Posts: 9
Joined: Mon Mar 03, 2003 1:54 am
ICQ: 166614508
WLM: schonde@hotmail.com
Yahoo Messenger: zafarameer@yahoo.com
Location: Sukkur


Return to “%s” Security

Who is online

Users browsing this forum: No registered users and 1 guest