SSH

Protecting your Linux box
farhantoqeer
Major General
Posts: 917
Joined: Thu Jun 27, 2002 5:45 pm
Location: Karachi
Contact:

SSH

Postby farhantoqeer » Wed Oct 09, 2002 12:07 am

is it feasible to use SSH for client computers to access internet :?:

AsadR
Lance Naik
Posts: 36
Joined: Sat Sep 14, 2002 11:27 am
Location: Khi.pk
Contact:

Re: SSH

Postby AsadR » Wed Oct 09, 2002 5:37 am

farhantoqeer wrote:is it feasible to use SSH for client computers to access internet :?:


:?:

What exactly do you mean by "access the internet". Do you mean to have SSH as a tunnel for some other protocol or just for plain remote access?

farhantoqeer
Major General
Posts: 917
Joined: Thu Jun 27, 2002 5:45 pm
Location: Karachi
Contact:

Postby farhantoqeer » Wed Oct 09, 2002 11:45 am

well, i mean that suppose i connect my server with internet and allow my user to login via ssh anduse internet without having any proxy server. that is the process will be executed at server not his machine.

AsadR
Lance Naik
Posts: 36
Joined: Sat Sep 14, 2002 11:27 am
Location: Khi.pk
Contact:

Postby AsadR » Wed Oct 09, 2002 12:59 pm

farhantoqeer wrote:well, i mean that suppose i connect my server with internet and allow my user to login via ssh anduse internet without having any proxy server. that is the process will be executed at server not his machine.


Do you want the SSH server to act as an authentication agent before you allow the client to access the internet through the server transparently using NAT?? (ie: a NAT with ACLs)
Or, as a last guess, do you just want your client to have access to cmd line utlillities such as lynx, ftp, wget and the like which he/she uses by connecting to your server through SSH?

:?
Last edited by AsadR on Wed Oct 09, 2002 7:21 pm, edited 1 time in total.

farhantoqeer
Major General
Posts: 917
Joined: Thu Jun 27, 2002 5:45 pm
Location: Karachi
Contact:

Postby farhantoqeer » Wed Oct 09, 2002 1:19 pm

when user connects thru ssh she can use graphical applications like konqueror,mozilla,kmess,gnumeric,kcalc etc, etc. i hv tested it and it is working. I connected my server with internet and login from other machine via ssh into my server. i executed mozilla, mozilla starts at my machine and it gives access to internet from the connected session of internet. and yes ofcourse authentication also takes place at server.

fawad
Site Admin
Posts: 918
Joined: Wed Aug 07, 2002 8:00 pm
Location: Addison, IL
Contact:

Postby fawad » Wed Oct 09, 2002 7:22 pm

Farhan, this is a good approach for remote X. However, you'll have to keep in mind the load it'll put on the server machine with a large number of clients running GUI apps on the server. If you're ok with thick clients, you can set up the client accounts with rsh and have them forward the squid port to the client. That'll significantly reduce the reserver load as well as network traffic.

farhantoqeer
Major General
Posts: 917
Joined: Thu Jun 27, 2002 5:45 pm
Location: Karachi
Contact:

Postby farhantoqeer » Wed Oct 09, 2002 9:55 pm

OK, i will check it on Friday. Thanx!

gh4z4nf4r
Naik
Posts: 65
Joined: Mon Oct 14, 2002 3:51 pm
Location: Wah Cantt
Contact:

Postby gh4z4nf4r » Tue Oct 29, 2002 8:16 pm

i have a netowrk of win98 and win2000 clients connected to out side via linux box i have done NAT and they are accessing internet successfully .But i also want to authenticate each user what should i use.......

majorwoo
Lance Naik
Posts: 19
Joined: Sun Nov 24, 2002 8:35 am
Location: Daytoan Beach, FL - USA
Contact:

Postby majorwoo » Sun Nov 24, 2002 10:26 am

you can set up samba to be a PDC and have it authenticate logon to the machine (although win98 can not participate in this 100%)

www.tldp.org has a samba howto, you want to set it up as a PDC (Primary Domain Controller)
before you try that, make sure you get samba setup and able to have thewindows machines see a share on the linux machine via samba, cause samba causes alot of problems - so take it one step at a time.
_________________
majorwoo

Quiet brain, or I'll stab you with a Q-tip.

gh4z4nf4r
Naik
Posts: 65
Joined: Mon Oct 14, 2002 3:51 pm
Location: Wah Cantt
Contact:

Postby gh4z4nf4r » Mon Nov 25, 2002 3:51 pm

thanks i would do that ..first i will try to make my linux box pdc for the internal network ...but next thing is that this linux box is in the network of windows and having its own clients too...is it possible that it's share could be seen on the outside network and it could access theres too....i am asking this because i learned in a howto that a samba can be a client or server at the same time ?
thanks in advance for this long question :roll:

zafarameer
Cadet
Posts: 9
Joined: Mon Mar 03, 2003 1:54 am
Location: Sukkur
Contact:

Postby zafarameer » Sat Sep 13, 2003 7:44 pm

depend upon security level, if security is major feature then YES otherwise not necessry
Be A Helping Hand 4 Others...


Return to “Security”

Who is online

Users browsing this forum: No registered users and 1 guest