On Tuesday 07 February 2006 18:08, ryan wrote:
On Tuesday 07 February 2006 11:41 am, James Gagnon wrote:
But then again... one has to wonder how secure remote desktop for Windows really is... guess it's a win/lose situation =)
Not as secure as SSH....but I definitely think you are on to something.
An interesting solution is to have a really locked down but low-end machine (p2/64 MB RAM) on your LAN that serves one purpose - to be an SSH server.
I do something very similar. I work as a freelance admin at three different locations, all set up virtually the same:
1) I have a host that does backups. It is a cheap-o system, lots of diskspace, running a backup script I wrote: http://www.effortlessis.com/backupbuddy/
2) SSHd is on a "goofy" port, somewhere high and random.
3) I permit root without-password - RSA key needed to get in, passwords are irrelevant.
4) Backup host accepts SSH connections from world - but there are NO PASSWORDS ON THE MACHINE. The only way to get in is as root, and then only with RSA (ssh2) keys.
5) All other hosts on the network have DENY rules on their input for anything but from the backup host and my house.
6) Since the backup host HAS to have root access to the other servers, (in order to read all the files!) then logging into the backup server (via RSA keys) gives access to all other hosts on the LAN.
7) Backup host is some otherwise retired PII/PIII with a few hundred MB of RAM and a few cheapo pricewatch.com IDE drives globbed together with software RAID/LVM to provide gobs of cheap storage space.
I've been using this framework for a few years now, and it's very successful. When I'm at "home" (home/office) I get unfettered SSH access to all the hosts via RSA keys. When I'm on vacation, and logging in via some hotel network to fix a problem, I log in with my laptop via the backup host and then to the server in question to figure it out.
Food for thought, hope it helps.
-Ben
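
The following is an added example, not part of the message above or of the backup script it links to: a small auditor that checks an sshd_config against items 2 to 4 of the list (unusual high port, root allowed by key only, no password logins). It assumes the no-password rule is also enforced in sshd with `PasswordAuthentication no`; the function names, the 1024 port threshold and both sample configs are constructed for illustration.

```python
import re

# Documented OpenSSH defaults used when a keyword is absent. PermitRootLogin's
# default has changed across releases, so the audit requires it to be explicit.
DEFAULTS = {"passwordauthentication": "yes", "pubkeyauthentication": "yes"}
LINE = re.compile(r"([A-Za-z0-9]+)(?:\s*=\s*|\s+)(.*)")

def parse(text):
    """Return (global settings, ports, settings found inside Match blocks)."""
    settings, ports, overrides, in_match = {}, [], [], False
    for raw in text.splitlines():
        m = LINE.fullmatch(raw.strip())      # comments and blanks do not match
        if not m:
            continue
        key, val = m.group(1).lower(), m.group(2).strip().strip('"')
        if key == "match":
            in_match = True                  # a Match block runs to the next Match or EOF
        elif in_match:
            overrides.append((key, val))
        elif key == "port":
            ports.append(int(val))           # Port may be given more than once
        else:
            settings.setdefault(key, val)    # sshd keeps the first value it reads
    return settings, ports or [22], overrides

def audit(text):
    """Return findings against the key-only setup; an empty list means it holds."""
    settings, ports, overrides = parse(text)
    eff = {**DEFAULTS, **settings}
    findings = []
    if any(p < 1024 for p in ports):         # assumption: "high" means unprivileged
        findings.append("port")
    if eff.get("permitrootlogin") not in ("without-password", "prohibit-password"):
        findings.append("permitrootlogin")
    if eff["passwordauthentication"] != "no":
        findings.append("passwordauthentication")
    if eff["pubkeyauthentication"] != "yes":
        findings.append("pubkeyauthentication")
    weak = {("passwordauthentication", "yes"), ("permitrootlogin", "yes")}
    findings += [f"match:{k}" for k, v in overrides if (k, v) in weak]
    return findings

# Constructed sample configs (not taken from the message).
GOOD = "Port 48122\nPermitRootLogin without-password\nPasswordAuthentication no\n"
# The early "yes" wins over the later "no"; the Match block re-enables passwords.
WEAK = ("Port 22\nPasswordAuthentication yes\nPermitRootLogin no\n"
        "PasswordAuthentication no\nMatch Address 192.0.2.0/24\n"
        "    PasswordAuthentication yes\n")

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(name, audit(cfg) or "ok")
```

The WEAK sample shows the case that is easy to miss: a `PasswordAuthentication no` appended after an earlier `yes` has no effect, because sshd uses the first value it reads for a keyword.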