On Wed, Jun 4, 2014 at 9:47 AM, Giancarlo Razzolini <[email protected]> wrote: > Em 04-06-2014 10:29, Predrag Punosevac escreveu: >> I was not able to connect to X2Go server without GSSAPIAuthentication >> yes I can send you the picture of error from x2go client via private >> e-mail if you want. > I don't doubt you. And its not that you can't connect. I had this > problem in the past, the connection will appear to hang and it might be > well more than a minute before you have a shell on the machine. Try > logging in with ssh -vvv and see what happens. But this is an issue with > your ssh clients (assuming linux clients here), rather than your OpenBSD > openssh server. You could try the following configuration in your ssh > clients: > > Host * > GSSAPIAuthentication no > >> Why? This OpenBSD machine serves no other purposes but to be shell >> gateway. What will happen if it gets hacked? > What happens when any other machine gets hacked. Nothing more, nothing > less. Giving your users shell access, even when they don't have root > access, you are opening yourself to bugs that aren't otherwise > exploitable. So, in this case, there is little you can do, just always > follow openbsd stable and keep your environment as clean as possible. >> Well then I am already in trouble because probably my computing nodes >> and my users which I am trying to protect are hacked. As somebody who >> is maintaining OpenVPN server and 20 or so clients on our LAB remote >> location I am intimately familiar how "simple" is VPN solution. The >> Lab exists to serve the needs of people who have access to shell >> gateway machine no the other way around. > There are lots of options for "simplifying" OpenVPN deploying. You could > generate a windows installer with the users certificates, or, you could > drop certs altogether and use only user/pass authentication. Or use the > same certs for every user in combination with user/pass. Also, you don't > need necessarily to use OpenVPN. There is the l2tp/ipsec option, plain > ipsec and (argh) pptp. Depending on which operating system your clients > are using, they can have all of these vpn options already installed with it. > > Cheers, > > -- > Giancarlo Razzolini > GPG: 4096R/77B981BC >
+giancarlo if you have an OpenBSD setup that provide an ipsec vpn working for windows AND ipad AND android I would really be listenning carefully how you perform that. -- --------------------------------------------------------------------------------------------------------------------- () ascii ribbon campaign - against html e-mail /\
