Some background: Microsoft RDP (Remote Desktop Protocol) has vulnerabilities with regard to security and encryption (details are beyond the scope of this post). If we tunnel RDP through a more secure protocol (namely SSH), we wind up with a much more secure implementation.
Requirements:
- IPCop Firewall - or your favorite Linux distro server serving up SSH on a public IP address - I'll only address IPCop, but this can be generally applied.
- Remote Desktop Server (like Windows XP Pro or Windows Server 2003). Other protocols like VNC will work with this; you just need to know the required ports to fill in on your PuTTY tunnel settings.
- A Windows client with PuTTY installed (it's easy, just go here -- and download putty.exe)
SSH to your IPCop as root and sign in.
Create a new user called remote as a member of a new group (also named remote) and use this user for shared remote access. As root, issue the following commands to add the new user:
groupadd remote
useradd -s /bin/bash -g remote -m -k /dev/null remote
The meaning of the command line options (from ifs.vlsm.org):
- -s /bin/bash: This makes bash the default shell for user remote.
- -g remote: This option adds user remote to group remote.
- -m: This creates a home directory for remote.
- -k /dev/null: This parameter prevents possible copying of files from a skeleton directory (default is /etc/skel) by changing the input location to the special null device.
- remote: This is the actual name for the created group and user.
To log in as remote (as opposed to switching to user remote when logged in as root, which does not require the remote user to have a password), give remote a password:
passwd remote
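To confirm that each useradd option above took effect, the following check can be run right after creating the account. It is an added example, not part of the original post; the function names audit_tunnel_user and make_sample and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the account made by the useradd command above.
# Usage: audit_tunnel_user USER PASSWD_FILE GROUP_FILE
# Returns 0 when every option took effect, 1 otherwise.
audit_tunnel_user() {
    user=$1; passwd_file=$2; group_file=$3; rc=0
    entry=$(awk -F: -v u="$user" '$1 == u' "$passwd_file")
    if [ -z "$entry" ]; then
        echo "FAIL: user $user not found"; return 1
    fi
    uid=$(printf '%s\n' "$entry" | cut -d: -f3)
    gid=$(printf '%s\n' "$entry" | cut -d: -f4)
    home=$(printf '%s\n' "$entry" | cut -d: -f6)
    shell=$(printf '%s\n' "$entry" | cut -d: -f7)
    group=$(awk -F: -v g="$gid" '$3 == g { print $1 }' "$group_file")

    # The shared login must not be root-equivalent.
    if [ "$uid" -eq 0 ]; then
        echo "FAIL: $user has UID 0"; rc=1
    fi
    # -g remote: the primary group should carry the same name as the user.
    if [ "$group" != "$user" ]; then
        echo "FAIL: primary group is '$group', expected '$user'"; rc=1
    fi
    # -s /bin/bash: login shell.
    if [ "$shell" != /bin/bash ]; then
        echo "FAIL: shell is '$shell', expected /bin/bash"; rc=1
    fi
    # -m: home directory exists; -k /dev/null: nothing copied from /etc/skel,
    # so the directory is empty immediately after creation.
    if [ ! -d "$home" ]; then
        echo "FAIL: home directory $home is missing"; rc=1
    elif [ -n "$(ls -A "$home")" ]; then
        echo "FAIL: $home is not empty (skeleton files copied?)"; rc=1
    fi
    return $rc
}

# Constructed sample data (not from a real system): writes passwd and group
# files plus an empty home directory under the directory given as $1.
make_sample() {
    mkdir -p "$1/home/remote"
    printf 'root:x:0:0:root:/root:/bin/bash\nremote:x:1000:1000::%s/home/remote:/bin/bash\n' "$1" > "$1/passwd"
    printf 'root:x:0:\nremote:x:1000:\n' > "$1/group"
}

# Real use, as root on the firewall, right after the useradd command:
#   audit_tunnel_user remote /etc/passwd /etc/group
```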