Gentoo Forums
Accessing gentoo from a restricted windows environment
b345713
n00b

Joined: 08 Dec 2005
Posts: 9

Posted: Mon Dec 19, 2005 5:12 pm    Post subject: Accessing gentoo from a restricted windows environment

Hello all!

At present my challenge is to access my gentoo desktop from my work place where I have many dead hours to kill!
At work we have windows xp with unlimited internet access, yet we can't execute any unallowed apps! At home I have gentoo!

I've heard some colleagues talking about ssh logins, but I don't really know much about that!

What would I need to make it work? (Please take into account that I can't install any apps!)

Would I need to install an ssh extension on the windows desktop (which I can't do) or could I access my gentoo by accessing an ssh shell from some already available website!
Would I need to set one up myself? How could I do that? Would I need to register a domain and associate it to my gentoo machine! How could I set this up?

The second part of the question refers to the graphical aspect! Is it possible to remotely work with kde or would I have to work from the shell? From what I know I need x to send a shell for me to work with a desktop environment! Would I need to pipe an x session somehow? How!

VNC comes to mind, but not only am I a n00b, I also can't install any applications at work! What course should I take?
thasheep
n00b

Joined: 24 Nov 2005
Posts: 52
Location: Stockholm, Sweden

Posted: Mon Dec 19, 2005 5:53 pm

Accessing gentoo through ssh isn't too hard. Putty is a good client that supports ssh v2 (the version you want) and doesn't need to be installed. It runs straight from the .exe download. However, it's only a shell. I have no idea how you'd use kde but I suspect it wouldn't be easy, especially without installing stuff but cygwin may be ok.
To enable ssh (on gentoo now), you need to emerge openssh and set up /etc/ssh/sshd_config. Mine currently looks something like
Code:

Port 22
Protocol 2
ServerKeyBits 2048
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 60
PermitRootLogin no
RSAAuthentication no
PubkeyAuthentication yes
PasswordAuthentication yes
PermitEmptyPasswords no
Compression yes
KeepAlive yes
ClientAliveInterval 30
ClientAliveCountMax 4
Subsystem sftp /usr/lib/misc/sftp-server
AllowUsers hansel gretel cinderella

With a configuration like this, you can either use dsa public key authentication (recommended) or your password (less secure because there are tons of scripts around that check hundreds of possible username and password combinations... and sometimes get in). Only allow the users that want/need access and it's safer not to allow anyone in the wheel group (the people who can su to root), so creating a new account might be worth it, but if you need/want to enable them (to have write access to system files) then you don't have much choice.
You don't need a domain, your IP address (ifconfig will tell you that - it's the inet addr) is fine.
Also, if you use a firewall (not a bad idea if you can work out how to do it properly), you'll need to open port 22 (the default for ssh).
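Added example, not part of the original post: a small audit of an sshd_config for the points the post raises (password logins, root login, empty passwords, protocol version, AllowUsers, wheel members). The function names, the `wheel_members` parameter and the sample text are assumptions made for this example.

```python
import re

# Constructed sample: the lines of the posted config that the checks look at.
SAMPLE = """\
Port 22
Protocol 2
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication yes
PermitEmptyPasswords no
AllowUsers hansel gretel cinderella
"""

def parse_sshd_config(text):
    """Return {keyword: value}; sshd keeps the first value seen for a keyword."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        value = parts[1].strip() if len(parts) > 1 else ""
        settings.setdefault(parts[0].lower(), value)  # keywords are case-insensitive
    return settings

def audit(text, wheel_members=()):
    """Return findings; wheel_members (hypothetical input) lists accounts that can su."""
    cfg = parse_sshd_config(text)
    findings = []
    if cfg.get("passwordauthentication", "yes").lower() != "no":
        findings.append("PasswordAuthentication is enabled: password guessing is possible")
    if cfg.get("permitrootlogin", "").lower() != "no":
        findings.append("PermitRootLogin is not explicitly 'no'")
    if cfg.get("permitemptypasswords", "no").lower() != "no":
        findings.append("PermitEmptyPasswords is enabled")
    if "1" in cfg.get("protocol", "2").split(","):
        findings.append("Protocol 1 is accepted")
    allowed = cfg.get("allowusers", "").split()
    if not allowed:
        findings.append("No AllowUsers line: logins are not limited to named users")
    for user in allowed:
        if user in wheel_members:
            findings.append(f"AllowUsers includes wheel member '{user}'")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, wheel_members={"gretel"}):
        print("WARN:", finding)
```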
thasheep
n00b

Joined: 24 Nov 2005
Posts: 52
Location: Stockholm, Sweden

Posted: Mon Dec 19, 2005 9:05 pm

To use dsa public key authorisation over putty, create a dsa public key pair (a private key and a public key) on windows using puttygen and copy the public key to your gentoo system. If the key were created using openssh (the version of ssh in portage) then you could simply copy the public key to /home/username/.ssh/authorized_keys but putty creates the keys slightly differently (from the looks of it, it just makes them on several short lines rather than one long one). To place a putty public key in .ssh using the openssh format, execute (on gentoo)
Code:
ssh-keygen -i -f putty-pubkey > /home/username/.ssh/authorized_keys
chown username:users /home/username/.ssh/authorized_keys  #only needed if ssh-keygen was run as another user, eg root

Now you should be able to use your private (putty) key from your windows computer to log on over ssh. Once this works, you can change the 'PasswordAuthentication yes' line in the sshd_config to 'PasswordAuthentication no', making your setup much more secure.

To create a key pair using openssh (linux), the command is
Code:
ssh-keygen -t dsa

As stated above, the public key created needs only be copied to /home/username/.ssh/authorized_keys but I don't know how to use openssh's private key from windows.
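Added example, not part of the original post: what the format difference looks like in code. The multi-line SSH2 (RFC 4716) public key file is reshaped into the one-line form used in authorized_keys, and `add_key` appends to existing content, whereas the `>` redirect shown in the post replaces the file. The function names are assumptions for this example, the sample key is a constructed placeholder, and keeping the comment on the output line is this example's choice.

```python
import base64
import struct
import textwrap

BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
END = "---- END SSH2 PUBLIC KEY ----"

def make_sample():
    """Constructed placeholder shaped like a DSA public key (not a usable key)."""
    fields = [b"ssh-dss"] + [bytes([i]) * 20 for i in range(1, 5)]
    blob = b"".join(struct.pack(">I", len(f)) + f for f in fields)
    body = "\n".join(textwrap.wrap(base64.b64encode(blob).decode(), 64))
    return f'{BEGIN}\nComment: "constructed-sample"\n{body}\n{END}\n'

def rfc4716_to_openssh(text):
    """Join the wrapped base64 body into one 'type base64 comment' line."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not an SSH2 (RFC 4716) public key file")
    comment, body, i = "", [], 1
    while i < len(lines) - 1:
        line = lines[i]
        if ":" in line:  # header line; a trailing backslash continues it
            while line.endswith("\\") and i + 1 < len(lines) - 1:
                i += 1
                line = line[:-1] + lines[i]
            tag, value = line.split(":", 1)
            if tag.strip().lower() == "comment":
                comment = value.strip().strip('"')
        else:
            body.append(line)
        i += 1
    blob = base64.b64decode("".join(body), validate=True)
    (n,) = struct.unpack(">I", blob[:4])
    key_type = blob[4:4 + n].decode("ascii")  # first field names the algorithm
    parts = (key_type, base64.b64encode(blob).decode(), comment)
    return " ".join(p for p in parts if p)

def add_key(existing, new_line):
    """Append to authorized_keys content rather than replacing it; skip duplicates."""
    lines = [l for l in existing.splitlines() if l.strip()]
    if not any(l.split()[:2] == new_line.split()[:2] for l in lines):
        lines.append(new_line)
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(add_key("", rfc4716_to_openssh(make_sample())), end="")
```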
bexamous2
Tux's lil' helper

Joined: 18 Nov 2005
Posts: 80

Posted: Mon Dec 19, 2005 9:07 pm

There are vnc viewers that require no 'install' other than being able to run the exe... I have a thumb drive with putty and tightvnc viewer... putty is used to create a ssh connection as well as an encrypted tunnel. I can run vncviewer through the ssh connection to my home computer.

If you cannot even run an exe file at work, there are web-based (java) vnc viewers (although vnc is a very un-secure connection; it's best to run it through an ssh tunnel if possible).

--edit---
btw I'm pretty sure there is a wiki on setting up tightvnc server... without that much work...

vncserver :1 -geometry 800x600
will have vncserver listen on 5901 for connections from a vncclient such as tightvnc under windows
but vncserver also is listening on 5801 for web connections... to test just put in localhost:5801 and you'll get a desktop in your firefox window ;P
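Added example, not part of the original post: a check that the VNC ports described above (5900+N for the viewer, 5800+N for the web client) are only reachable through the ssh tunnel, by flagging listeners bound to anything other than loopback. The listing is a constructed sample in the column layout of `ss -ltn`, and the function names are assumptions for this example.

```python
import ipaddress

# Constructed sample of listening sockets (State, Recv-Q, Send-Q, Local, Peer).
SAMPLE = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      5      0.0.0.0:5901        0.0.0.0:*
LISTEN 0      5      0.0.0.0:5801        0.0.0.0:*
LISTEN 0      128    127.0.0.1:5902      0.0.0.0:*
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      128    [::1]:5903          [::]:*
"""

def vnc_role(port, max_display=99):
    """Map a TCP port to ('vnc' | 'http', display number), or None."""
    if 5900 <= port <= 5900 + max_display:
        return ("vnc", port - 5900)
    if 5800 <= port <= 5800 + max_display:
        return ("http", port - 5800)
    return None

def exposed_vnc_listeners(listing):
    """Return (role, display, local_address) for VNC ports not bound to loopback."""
    findings = []
    for line in listing.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        role = vnc_role(int(port)) if port.isdigit() else None
        if role is None:
            continue
        try:
            addr = ipaddress.ip_address(host.strip("[]").split("%")[0])
            loopback = addr.is_loopback
        except ValueError:
            loopback = False  # wildcard such as "*": treat as exposed
        if not loopback:
            findings.append((role[0], role[1], fields[3]))
    return findings

if __name__ == "__main__":
    for role, display, local in exposed_vnc_listeners(SAMPLE):
        print(f"display :{display} ({role}) is listening on {local}")
```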
All times are GMT