On Tue, 14 Aug 2001, Vince McHugh wrote:
> I am attempting to set up a remote linux server as a dial up server.
There are (for purposes of this discussion) two kinds of dialup
connections:
1. Simple terminal (you run a terminal emulator, the modem connects, you
login and get a shell prompt)
2. IP over PPP (full network connectivity to the other end)
Which are you interested in? Or both?
> I am looking for info ... on what to use to do this.
Try these:
"Dial-In" section of the Modem-HOWTO:
http://www.linuxdoc.org/HOWTO/Modem-HOWTO-12.html
PPP-HOWTO:
http://www.linuxdoc.org/HOWTO/PPP-HOWTO/index.html
"Configure dialin" section of the ISP-Setup-RedHat-HOWTO is a useful
cookbook to get you started:
http://www.linuxdoc.org/HOWTO/ISP-Setup-RedHat-HOWTO-4.html#ss4.12
> I am concerned about security.
And well you should be! (But I think we've beaten that horse enough in
this forum... ;-)
> I have replaced telnet with ssh for connecting remotely over the
> network, is it possible to use ssh over dial up connections (if so ,
> how)?
You can run SSH over IP over a PPP link, the same as you would for any
other IP link. This will not protect anything else running over the PPP
link. In particular, some forms of PPP authentication send usernames and
passwords in the clear.
You also have to deal with the issue of where the PPP link connects to
your network. If it is inside your trusted network, it effectively bypasses
any firewall you have. Depending on your environment, that may be an
unacceptable security risk.
As far as how secure a dial-in link is... well, some people consider the
US PSTN (Public Switched Telephone Network) to be reasonably secure. And it
is doubtless more secure than your average IP link (but that is not saying
much). If you use a strong password, and do not advertise the phone number,
you should be moderately protected. Anyone who goes to the trouble of
violating the the phone system to tap that might as well just break in to
your office and steal the PC.
If you are doing anything sensitive, though, your best bet is to put the
dial-up host outside your trusted network, and treat it like any other
untrusted Internet connection.
--
Ben Scott <[EMAIL PROTECTED]>
| The opinions expressed in this message are those of the author and do not |
| necessarily represent the views or policy of any other person, entity or |
| organization. All information is provided without warranty of any kind. |
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
