On 9/13/2011 3:42, Invisible wrote:
> I'm told it requires spending hours editing the X configuration files
> to set up authentication and so forth, and then to make sure the server is
> started, and then to tell the application you want to run to open on the
> remote machine rather than the local one (by using CLI options that vary for
> every individual program so you have to look them up), and then...
You're about 10 to 15 years out of date.
Back when 256 colors was a high-end graphics card, this is how it worked.
--
Darren New, San Diego CA, USA (PST)
How come I never get only one kudo?
On 9/13/2011 0:30, Warp wrote:
> (If this is so "trivial", why haven't I ever heard of this "RDP"? Yes, this
> is the first time in my life I hear of it.
RDP is the Remote Desktop Protocol. You probably have it installed on your
Linux machine under the name "Terminal Services Client." Try firing that up
and connecting to sgf.dnsalias.com. RDP is the new name because TSC was
originally designed for "X-Terminal" like operations on a headless server,
while RDP is generalized to connect to anything.
There's also "remote assistance", which uses the same thing except automates
the security and makes it easier for a naive user to let someone outside
help them out, allowing management of remote requests?
> And it's not like I haven't been
> using Windows pretty regularly for the past 15 years or so. Contrast me
> knowing about tools like rsync, rcp, scp and wget, which arguably are not
> the most obvious things in unix either. What is the difference?)
I don't know. Do you remote login to Windows machines? It's how one does it,
just like "ssh" does it for the UNIX world.
--
Darren New, San Diego CA, USA (PST)
How come I never get only one kudo?
On 9/13/2011 1:21, Invisible wrote:
> Otherwise all
> this traffic would be unencrypted...)
It's encrypted without the VPN. It just uses DH without a cert, so you don't
get warnings about MITM.
--
Darren New, San Diego CA, USA (PST)
How come I never get only one kudo?
On 9/13/2011 3:28, Warp wrote:
> I don't think Windows uses soft links itself either. Soft links are
> supported by NTFS, but I don't think Windows itself uses them for anything.
They've been used for ages by offline storage (i.e., files backed up to tape
that automatically get restored when you try to open them). They're also
used from Vista onwards to move your home directory stuff around, since
there's so many apps that hard-coded "Documents and Settings".
> (After all, Windows has to be able to work if installed on a FAT32 partition
> too.)
Not any more.
--
Darren New, San Diego CA, USA (PST)
How come I never get only one kudo?
On 9/13/2011 1:27, Invisible wrote:
>>> You can thank Windows for this.
>>
>> Nah. You can thank NAT for this.
>
> I think it's more the general problem of Internet security.
No, it's a problem of routing. If you can't address the remote computer, you
can't give it a file, no matter what protocol you use.
>> Note how all of those require a running server on a public IP address.
>
> Well, yes. To perform a data transfer, you need a way to contact the other end.
That's my point. It's nothing to do with Windows vs Linux. It has to do with
public vs private IP addresses.
> I'm told there's a system called UPnP or something which is supposed to
> allow you to automatically bypass NAT.
The local machine still needs to run something that uses upnp to poke a hole
in the firewall.
> It's news to me that you can transfer files with RDP.
Give it a try. Log in remotely, copy a file off your desktop, mouse over the
remote machine, and pick paste.
Some older versions disallow this. It's kind of touchy, as you have to get
the same version at both ends, for example.
--
Darren New, San Diego CA, USA (PST)
How come I never get only one kudo?
>>> No, I mean there's a *hardware* firewall in the way. You know, with the
>>> big Cisco sticker on it and the 3-digit price tag? (Although obviously
>>> that's only because I'm at work right now. My house doesn't have one of
>>> those...)
>>
You're off by two orders of magnitude. Most Cisco firewalls are in the
5 digit price tag.
>> And that hardware firewall is completely incapable of forwarding ssh
>> connections? Pretty useless, I'd say.
>
> No, I don't have the password to configure it. (And besides, have *you*
> tried configuring Cisco stuff? It's not exactly intuitive. You probably
> need Certified Engineer status to figure it out.)
You don't need to be a Cisco Certified Internetwork Expert to figure it
out. The Cisco manuals are usually pretty easy to follow, and freely
available on their web site.
And it is actually pretty intuitive...
- Give each interface an ip address.
- Create your NAT tables.
- And off you go.
The only difference between a Cisco firewall and a D-link or NetGear
home router, besides performance and scalability, is that you can (and
should!) override the basic "everything outbound is ok, nothing inbound
can come in" configuration.
Just like you would with any other infrastructure firewall, whether
hardware (e.g.: Juniper, Netscreen, etc...) or software (e.g.:
Checkpoint) (Not talking about the software you run on your PC asking
you if it's ok for MSPAINT.EXE to run as a service)
--
/*Francois Labreque*/#local a=x+y;#local b=x+a;#local c=a+b;#macro P(F//
/* flabreque */L)polygon{5,F,F+z,L+z,L,F pigment{rgb 9}}#end union
/* @ */{P(0,a)P(a,b)P(b,c)P(2*a,2*b)P(2*b,b+c)P(b+c,<2,3>)
/* gmail.com */}camera{orthographic location<6,1.25,-6>look_at a }
> On 13/09/2011 03:21 PM, Invisible wrote:
>>>> Terminal Services is where you have an expensive server-class
>>>> version of
>>>> Windows,
>>>
>>> Nope, that's Citrix (it may have changed names since MS acquired them,
>>> but everyone in the industry still calls it Citrix) and it runs on a
>>> different port than RDP. Terminal Services is the service running on the
>>> remote machine that receives the connection from MSRTC.EXE running on
>>> your computer to allow remote desktop connections.
>>
>> As far as I'm aware, Citrix is a completely different product made by a
>> completely different company. Terminal Services is just another instance
>> of the general RDP protocol.
>
> http://en.wikipedia.org/wiki/Remote_Desktop_Services
>
> Terminal Services most definitely *is* RDP. So is Remote Assistance.
> Exactly as I claimed.
So did I. The part that you describe as "where you have an expensive
server-class version of Windows, you install all your complicated
applications on that, and then end users use their Windows-based desktop
PC to log into the server and run the applications on that."
Is what I said was not Terminal Services. It may be technically
possible to do it via Terminal Services, but most enterprises who will
require this will use Citrix.
>
> http://en.wikipedia.org/wiki/Citrix
>
> Citrix was not "acquired" by MS at all.
>
> MS got the idea for Terminal Services from Citrix, but the actual wire
> protocol appears to be derived from PictureTel.
Read the sentence just below the one where you pasted this from. I was
mistaken in thinking that they had been bought, but they are indeed in
bed with Microsoft.
--
/*Francois Labreque*/#local a=x+y;#local b=x+a;#local c=a+b;#macro P(F//
/* flabreque */L)polygon{5,F,F+z,L+z,L,F pigment{rgb 9}}#end union
/* @ */{P(0,a)P(a,b)P(b,c)P(2*a,2*b)P(2*b,b+c)P(b+c,<2,3>)
/* gmail.com */}camera{orthographic location<6,1.25,-6>look_at a }
> Puzzling thing: There are many, many SSH clients for Windows. There are
> no SSH *servers*. And I have literally no idea why.
Really?
http://www.freesshd.com/?ctt=download
Or maybe, running OpenSSH's sshd under Cygwin?
http://www.petri.co.il/setup-ssh-server-vista.htm
Or buying one of the many commercial versions available?
--
/*Francois Labreque*/#local a=x+y;#local b=x+a;#local c=a+b;#macro P(F//
/* flabreque */L)polygon{5,F,F+z,L+z,L,F pigment{rgb 9}}#end union
/* @ */{P(0,a)P(a,b)P(b,c)P(2*a,2*b)P(2*b,b+c)P(b+c,<2,3>)
/* gmail.com */}camera{orthographic location<6,1.25,-6>look_at a }
On 13/09/2011 07:00 PM, Francois Labreque wrote:
>>>> No, I mean there's a *hardware* firewall in the way. You know, with the
>>>> big Cisco sticker on it and the 3-digit price tag? (Although obviously
>>>> that's only because I'm at work right now. My house doesn't have one of
>>>> those...)
>>>
>
> You're off by two orders of magnitude. Most Cisco firewalls are in the 5
> digit price tag.
True. But not this particular one.
http://www.ebuyer.com/135532-cisco-asa-5505-firewall-edition-bundle-asa5505-50-bun-k9
(Go on, hack me. You know you want to.)
>>> And that hardware firewall is completely incapable of forwarding ssh
>>> connections? Pretty useless, I'd say.
>>
>> No, I don't have the password to configure it.
Still stands.
>> (And besides, have *you*
>> tried configuring Cisco stuff? It's not exactly intuitive. You probably
>> need Certified Engineer status to figure it out.)
>
> You don't need to be a Cisco Certified Internetwork Expert to figure it
> out. The Cisco manuals are usually pretty easy to follow, and freely
> available on their web site.
Really? That might be worth reading...
> And it is actually pretty intuitive...
>
> - Give each interface an ip address.
> - Create your NAT tables.
> - And off you go.
From what I've seen, you telnet into the router, enter a password, and
then enter lines of gibberish such as "enh eth gw all". You would
*definitely* need a manual to figure out WTH that actually means, or
what the name of the command you want is.
> The only difference between a Cisco firewall and a D-link or NetGear
> home router, besides performance and scalability, is that you can (and
> should!) override the basic "everything outbound is ok, nothing inbound
> can come in" configuration.
I'm still guessing that, between the configuration for routing to
multiple LANs, multiple VPN endpoints, and remote access, adding a line
that forwards SSH to a port on a desktop PC whose IP address is
configured via DHCP is probably going to take some doing. (!)
And we still have the minor issue that I don't have the password. :-P
Actually, I have a NetGear router in my house. I used it to create a VPN
between my house and my grandparents' house. It lets you do all sorts of
port forwarding and stuff. The only trouble is... it's not reliable.
Like, when certain datagrams pass through it, the firmware crashes, and
you have to power-cycle it to get the Internet back. Eventually I was
forced to take it out of the circuit, because it was pissing me off so
much! (No, there isn't a firmware update available.)
Given the price of the Cisco ASA, I'm almost tempted...
--
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*
>> Damn. Setting up SSH has got a whole lot easier than when I tried to do
>> it with Debian a few years ago.
>>
>> I'm presuming it defaults to password authentication though? As I
>> recall, half the trouble was figuring out how to permanently and
>> irrevocably disable password authentication and *only* allow public key
>> authentication. (For one thing, you have to work out how to create a
>> keypair...)
>
> Yes, it defaults to password authentication.
>
> To disable password authentication, modify /etc/ssh/sshd_config to
> include:
>
> PasswordAuthentication no
>
> Done.
The solution may not be complex. Trying to find it in the documentation
often is.
Now explain how to generate a keypair and put the public half on the
list of acceptable clients.
--
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*
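
The keypair and authorized-keys steps asked about above, plus a check that password login is really off, as an added example that is not part of any post in this thread. The function names and the paths passed to them are assumptions; the check also requires keyboard-interactive authentication to be off, which goes beyond the single setting quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): key-only SSH login.
# Paths are parameters so each function can be tried on scratch files
# before touching ~/.ssh or /etc/ssh/sshd_config.

# Client side: create an Ed25519 keypair, private key at $1, public at $1.pub.
# ssh-keygen prompts for a passphrase that encrypts the private key on disk.
make_keypair() {
    ssh-keygen -t ed25519 -f "$1" -C "${2:-key-only-login}"
}

# Server side: append public key file $1 to authorized_keys file $2,
# skipping duplicates and setting the modes sshd's StrictModes check expects.
install_pubkey() {
    pub=$1 auth=$2
    dir=$(dirname "$auth")
    mkdir -p "$dir" && chmod 700 "$dir"
    touch "$auth" && chmod 600 "$auth"
    grep -qxF "$(cat "$pub")" "$auth" || cat "$pub" >> "$auth"
}

# Succeed only if sshd_config file $1 explicitly disables both password-style
# methods. sshd keeps the first value it reads for a keyword, so a later
# "no" does not undo an earlier "yes". Parsing stops at the first Match
# block because settings below it are conditional. Include files are not
# followed (a limitation of this sketch).
password_login_disabled() {
    awk -F'[ \t=]+' '
        { sub(/^[ \t]+/, "") }            # drop indentation, re-split fields
        /^#/ || NF == 0 { next }           # skip comments and blank lines
        { k = tolower($1) }
        k == "match" { exit }
        k == "passwordauthentication" && !("p" in seen) { seen["p"] = tolower($2) }
        (k == "kbdinteractiveauthentication" ||
         k == "challengeresponseauthentication") && !("k" in seen) {
            seen["k"] = tolower($2)
        }
        END { exit !(seen["p"] == "no" && seen["k"] == "no") }
    ' "$1"
}
```

On a live server, `sshd -T` prints the effective configuration with Include files resolved, and sshd has to be reloaded before an edited sshd_config takes effect.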