ssh programs? vpn programs?

Jebus314

So I want to set up file sharing with my home computer over the internets. From what I've read, ssh and vpn are both valid ways of working this.

Does anyone have suggestions for awesome programs for setting up a ssh or vpn server?

The home computer is running vista, the other computer is running xp and ubuntu. Thoughts on which is more secure? Help me out here. Even replies simply stating, I use "x" and it works would be appreciated.

Doc

I use cygwin (a simulated unix environment) with an SSH server daemon on my home XP machine. For the client, I just use SCP and a regular command-line SSH from my OSX and ubuntu machines at work. If you are used to only using GUIs, it's a little clumsy. If you're used to the terminal, it's a great way of doing it.

SSH is very secure, provided you get the most recent version.

Barrakketh

WinSCP is a pretty good choice for a graphical client.

I run sshd on my home machine (running Linux) but still use a GUI for most file transfers and rsync via SSH for automated transfers or where I merely want to only freshen existing files (saves bandwidth and speeds things up).

mooshoepork

I use CuteFTP pro for my ipod touch. Not sure if that helps. It's pretty good.

mspencer

Just to be clear, VPN is a general class of solution. SSH is one specific way of doing VPN, but it also does other things.

Be careful when setting up an SSH server. Be sure you don't have any accounts on your PC that are not password protected. For example, if you have an account called "Owner" and you don't have to type a password to start using your computer, then an SSH server might allow anybody from the Internet to log in with Owner and no password and start doing things to your computer.

Before installing an SSH server, be sure every account is password-protected. That includes hidden accounts and especially your Administrator account.

Barrakketh

mspencer wrote: »

Just to be clear, VPN is a general class of solution. SSH is one specific way of doing VPN, but it also does other things.

Be careful when setting up an SSH server. Be sure you don't have any accounts on your PC that are not password protected. For example, if you have an account called "Owner" and you don't have to type a password to start using your computer, then an SSH server might allow anybody from the Internet to log in with Owner and no password and start doing things to your computer.

Before installing an SSH server, be sure every account is password-protected. That includes hidden accounts and especially your Administrator account.

While I understand that's always a good idea, I don't know why you'd be allowing passwords with SSH in the first place. On my server I only allow pubkey authentication and I always recommend that people setting up a server do the same.

Jebus314

Maybe I don't understand as much as I thought. It was my understanding that for ssh, the server has password protection or you could set up some sort of key authorization. The end result being that the in order to get access to the computer that the server is on I have to know the server password.

If this is not the case am I relying on just the security of the user login?

Also, I've read that you can specify that only certain ip addresses are allowed access. Is there a how to out there for setting up a secure server? It doesn't need to be super idiot proof, I think I am somewhat competent. The only problem is I can't seem to find a consensus. I've seen everything from people saying that just setting up openSSH/cygwin on windows is all you need, to people saying you should pick different ports instead of the basic port22 for ssh, ect.. Sometimes I hate google and it's vast unverified knowledge

Infidel

ssh uses the system accounts for authentication, so he's saying you need to be sure that they're secured properly.

Jebus314

Also thanks to everyone for pitching in. Nice to be able to actually ask someone for an opinion.

Jebus314

Infidel wrote: »

ssh uses the system accounts for authentication, so he's saying you need to be sure that they're secured properly.

So assuming basic windows vista setup, 3 users all admins (i know they shouldn't be but its really my parents computer and I am to lazy to make them change), decent passwords. Can I assume that's enough security? Are there ways to improve the security?

Rhino

This is my setup and it works well IMHO

FreeBSD : OpenSSH[D]
Win32: OpenSS[D] http://sshwindows.sourceforge.net/

TightVNC: http://www.tightvnc.com/
Both Server and Client.

Putty: http://www.chiark.greenend.org.uk/~sgtatham/putty/
SSH client for Win32

FileZilla: http://filezilla-project.org/

All of these are Free programs

to use:


1 Setup SSHD on Win32
Basically, run installer and then setup passwd file with 'mkpasswd'.

2 Install TightVNC

3 Setup windows firewall
Allow in OpenSSHD (22) and deny everything else.
Allow TightVNC and RDC though LOCALHOST only.

That's it.

Also get something like DynDNS if you are on dynamic IP:
http://www.dyndns.com/
It's free.


From Client:

Use Putty to connect to server.
Use Putty to tunnel/forward TightVNC session.

That'll allow you remote command line access AND remote control of your server.
Also you can use Windows Remote Desktop. Just forward though putty for extra security.
I think it works a bit better (faster).


for File transfers, use an SFTP session in FileZillia.


Easy as pie.

darkgrue

Barrakketh wrote: »

mspencer wrote: »

Just to be clear, VPN is a general class of solution. SSH is one specific way of doing VPN, but it also does other things.

Be careful when setting up an SSH server. Be sure you don't have any accounts on your PC that are not password protected. For example, if you have an account called "Owner" and you don't have to type a password to start using your computer, then an SSH server might allow anybody from the Internet to log in with Owner and no password and start doing things to your computer.

Before installing an SSH server, be sure every account is password-protected. That includes hidden accounts and especially your Administrator account.

While I understand that's always a good idea, I don't know why you'd be allowing passwords with SSH in the first place. On my server I only allow pubkey authentication and I always recommend that people setting up a server do the same.

Unlike Telnet, SSH encrypts plaintext passwords in-transit. Your password will still be encrypted before it is sent to the server.

When PasswordAuthentication is enabled on the server, your password is sent through the encrypted tunnel. In theory, someone with root privileges on the server could see your non-encrypted password, but that's highly unlikely. Anyone sniffing the network traffic will never see your plaintext password, as the SSH communication sets up encryption before you're prompted to enter your password.

Disallowing PasswordAuthentication mitigates the possibility that someone on the server could see your password. When you use public key authentication, the server never sees your password (or passphrase) - a different encryption-decryption-authentication method is used.

Pubkey encryption is better (especially since you can have much better/longer passphrases than some versions of UNIX allow in passwords), but the marginal risk increase in using passwords in an SSH connection isn't necessarily all that concerning.

BoGs

Are you trying to access certain files from other computers that have internet access to files that you have at home.... maybe setting up OpenVPN would be best.... or using a program such as DropBox which syncs files in folders over the internet.

google either and you can find if they suit your needs

urahonky

Just as an FYI, if you're trying to do this from your work computer please check with your IT department before you get to setting these up.