Secure Remote access for UNIX machines


YogeshS
Jul 20, 2009, 11:45 PM
I have Unix machines located remotely and I want to access them using a high-security access technology, with exclusive dedicated secured service connectivity, free from viruses and other popular software, with certificate exchange.
Please advise how to go about it.

Can a VPN be one of the solutions, or is there something simpler than that?

chuckhole
Jul 21, 2009, 04:47 AM
Access to your Unix machines would be performed with a terminal emulator such as PuTTY (http://www.putty.org/). It does use secure keys and is very basic, text-based access. The security is held within the user names and passwords. Never give out the root password, and change it regularly.

As far as viruses go, there is not much to worry about. Keeping secure access to your network is most important. VPN is a good option for this.

YogeshS
Jul 23, 2009, 10:56 PM
Access to your Unix machines would be performed with a terminal emulator such as PuTTY (http://www.putty.org/). It does use secure keys and is very basic, text-based access. The security is held within the user names and passwords. Never give out the root password, and change it regularly.

As far as viruses go, there is not much to worry about. Keeping secure access to your network is most important. VPN is a good option for this.

Thank you very much for the useful information.
As you have suggested, as far as remote access to files and folders goes, PuTTY is the secure solution.
1) But if I want to access the GCS (graphical console) of a particular machine, which would be the better secured solution?
Does PuTTY give the option of remote desktop viewing (GCS of the Unix machine)?
2) What about securely transferring the files on remote from Unix workstations?

KISS
Jul 24, 2009, 07:29 AM
There are ways of doing X11 over ssh. Ssh can also securely transfer files back and forth.

ssh does rely on cryptographic keys. You can force ssh to only allow connections from machines which respond to a particular DNS. For instance, if MyComputer.com and Network was allowed access to yourcomputer.com, the DNS response would have to come from who it thinks wants access. There is a man-in-the-middle attack that can be exploited. Takes some doing to pull it off, i.e., I wanted access to a machine which was not accessible except from inside the network. I could tunnel into a desktop and that desktop would make the connection to the restricted machine from outside the network. Once the IT department did DNS checks, I could not do that anymore.
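
Added example, not part of the original thread: the post above does not say how its "DNS checks" were implemented. One common form is forward-confirmed reverse DNS, which OpenSSH's sshd performs when `UseDNS` is enabled so that hostname patterns are only matched against names that resolve back to the connecting address. The lookup tables and hostnames below are constructed sample data, and the function names are hypothetical.

```python
import fnmatch
import ipaddress

# Constructed sample DNS data (documentation address ranges, not real hosts).
PTR = {
    "192.0.2.10": "desk1.corp.example",    # inside desktop, records agree
    "203.0.113.7": "desk1.corp.example",   # outside host whose PTR claims an inside name
    "198.51.100.4": "dsl-4.isp.example",   # ordinary outside host
}
A = {
    "desk1.corp.example": ["192.0.2.10"],
    "dsl-4.isp.example": ["198.51.100.4"],
}


def confirmed_hostname(client_ip, ptr=PTR, a=A):
    """Return the client's hostname only if forward DNS maps it back to client_ip."""
    ip = str(ipaddress.ip_address(client_ip))  # raises ValueError on malformed input
    name = ptr.get(ip)
    if name is None:
        return None                            # no reverse record at all
    name = name.rstrip(".").lower()
    if ip not in a.get(name, []):
        return None                            # PTR claim not confirmed by the A record
    return name


def is_allowed(client_ip, patterns, ptr=PTR, a=A):
    """Match a client against host/IP patterns, trusting names only when confirmed."""
    ip = str(ipaddress.ip_address(client_ip))
    name = confirmed_hostname(ip, ptr, a)
    candidates = [ip] + ([name] if name else [])
    return any(fnmatch.fnmatchcase(c, p.lower())
               for c in candidates for p in patterns)


if __name__ == "__main__":
    allow = ["*.corp.example"]                 # hypothetical allow-list
    for ip in PTR:
        print(ip, confirmed_hostname(ip), is_allowed(ip, allow))
```

The reverse zone is controlled by whoever owns the address block, so a PTR record alone proves nothing; the forward lookup is what ties the name to the address.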