Remote Access
Two proprietary remote access solutions are the built-in product on Microsoft clients and servers and the VPN products from Cisco systems. An alternative to these is based on Open Source Software (OpenSSH, Putty and VNC).
· Research these 3 Open Source offerings and document the installation steps for them (approx 8 pages including screen captures).
· In your report, include your comments on how secure you believe this remote access solution is.
| In this "Case Project" we learned how to use OpenSSH to tunnel VNC traffic. tools used are: Server Side (The machine that you want to make the connection to)
Client Side (The machine that you want to make the connection from)
PC You Wish to Access Remotely Secure Shell Setup Download OpenSSH for Windows from on the PC you wish to control from a remote location. Run the setupssh.exe executable program from the saved location. Select the defaults until you’re prompted with the following. Only the Server is required for connecting from a remote PC, but the Client may be used to connect to other SSH servers if desired.
Use the defaults and you’ll be prompted with the following message.
Note: In order to connect from a remote PC you’ll be logging in using your Windows username and password so ensure that it’s a secure one. Open up a command prompt (click Start · Run, type cmd, and press Use mkgroup to create a group permissions file for the local groups by typing mkgroup –l >> ..\etc\group and press
The OpenSSH server listens for traffic on TCP port 22 by default. Start the service as shown in the following screenshot
UltraVNC Setup Download UltraVNC from on the PC you wish to control from a remote location. Run UltraVNC-102-Setup.exe . Select the defaults until you’re prompted with the following screenshot. Only the Server is required for connecting from a remote PC. we’ll be using the viewer to check the installation, and the other components may be desired The Viewer is used to connect to other UltraVNC Servers.
Select the defaults until you’re prompted with the following screenshot. Select Register UltraVNC Server as a system service, Start or restart UltraVNC service, Configure Admin Properties.
Select the defaults and install. Since UltraVNC requires a password and one hasn’t been set yet, the following error will occur.
Acknowledge the error and configure the admin properties as follows. Ensure that you assign a VNC Password (up to 8 characters) at this point so you can connect later. Since the OpenSSH server is running on the same machine as the UltraVNC server, we need to Allow Loopback Connections.
Select OK and use the defaults for the remaining dialogs. After completing the UltraVNC server installation, test the loopback configuration by connecting using the viewer on the same PC. To do this, click Start · Run, type vncviewer, and press
To attempt the connection, specify 127.0.0.1 or localhost as the VNC Server and select Connect. After selecting Connect, you will be prompted for the VNC password assigned in the administrative properties section above (not the windows user password).
After entering the correct password, you will see the standard UltraVNC window of the local desktop, then disconnect using the Close Connection button (don’t simply close the window).
Remote PC PuTTY Setup As a prerequisite to configuring PuTTY to connect to the PC you wish to control from a remote location, OpenSSH needs to be configured as described in the Secure Shell Setup section above. Download PuTTY on the remote PC, use mostly default settings with a few exceptions.
Set up the SSH tunnel by setting the Source port to the UltraVNC server’s listening port (5900 is default) and a Destination of 127.0.0.1:5900 and select Add.
After selecting Add an item will be added to the Forwarded ports section as L5900 127.0.0.1:5900. In addition, 127.0.0.1 may be replaced by localhost. Define the remote PC’s Host Name or IP address, as shown in the following screen.
Once PuTTY has been configured to match your OpenSSH setup, select Open from the preceding dialog. The first time you try to connect you will receive the following warning. . To add it to PuTTY’s cache select Yes. If connection is successful, you will be prompted for your Windows password as shown below. After successfully entering the password you’ll move to the user’s home directory (\Documents and Settings\User). . UltraVNC Viewer Setup As a prerequisite to configuring the UltraVNC Viewer to connect to the PC you wish to control from a remote location, the UltraVNC Server needs to be configured as described in the UltraVNC Setup section above. Download the UltraVNC Viewer from http://sourceforge.net/project/showfiles.php?group_id=63887 on the remote PC. There is no installation required to run the viewer so simply run the vncviewer.exe executable and connect to the local host VNC Server as shown in the following.
After selecting Connect, you will be prompted for the VNC password assigned in the administrative properties section above (not the windows user password).
After entering the correct password, you will see the standard UltraVNC view of the remote desktop. When you finish your session, ensure that you properly close the UltraVNC connection using the Close Connection button and type exit in the PuTTY window to close out the OpenSSH session (don’t simply close the windows). The communication using SSH is almost secure and can make the transfer of data as it goes through in a safe transmitting using the authentication and encryption |
Notes:
- If the PC you wish to access does not have a static IP address assigned by your internet service provider (which is typically the case for a home PC) you may want to sign up for a free DynDNS account so you can connect to your home network using a host name that will automatically track your dynamic public IP address.
- Refer to http://the.earth.li/~sgtatham/putty/0.59/htmldoc/Chapter4.html#config for a full explanation of the PuTTY configuration.
- Copy the vncviewer.exe, UnZip32.dll and Zip32.dll files from the UltraVNC server PC if these were installed above. The DLL-files are required only for the file transfer capability.
No comments:
Post a Comment