RE: [suse-security] sshd keep alive
Unless you have a specific need for ssh tunnels, you could simply set up a VPN tunnel between your host and the server using ipsec and thus ALL your connections to the server go through that secure tunnel. You don't need keepalives for that.
Noah.
-----Original Message-----
From: Emiliano Sutil [mailto:emiliano@iranon.com]
Sent: 29 April 2004 10:15
To: suse-security@suse.com
Subject: [suse-security] sshd keep alive
Hello,
I have Suse 9.0 and I use ssh to create tunnels to access several services of the server. My problem is that ssh closes the connections if there is no activity in the tunnel. I have the property KeepAlive yes in the sshd_config but it doesn't work. I have ipchains as firewall; perhaps this is my problem but I don't know.
Any idea?
Thanks
-- Emiliano Sutil García
sematin@mtn.co.ug wrote:
Unless you have a specific need for ssh tunnels, you could simply set up a VPN tunnel between your host and the server using ipsec and thus ALL your connections to the server go through that secure tunnel. You don't need keepalives for that.
I'm looking for enlightenment here. Personal experience seems to indicate that ssh is a lot easier to set up than a vpn, freeswan being the only solution I've tried, and know of that works on Linux. So, ssh is the way I normally approach this problem. I can get ssh up and running from install, whereas freeswan is an effort measured in hours and frustration. Are there other solutions?
--
Until later, Geoffrey
Registered Linux User #108567
Building secure systems in spite of Microsoft
sematin@mtn.co.ug wrote:
Unless you have a specific need for ssh tunnels, you could simply set up a VPN tunnel between your host and the server using ipsec and thus ALL your connections to the server go through that secure tunnel.
I'm looking for enlightenment here. Personal experience seems to indicate that ssh is a lot easier to set up than a vpn, freeswan being the only solution I've tried, and know of that works on Linux.
As you've experienced, even ssh tunnels have their pitfalls. There are cookbooks for connecting Windows >=2k with ipsec-enabled Linux that work fine if your Windows is fully patched and no special needs like NATing firewalls/routers are in the game.
[1] http://vpn.ebootis.de/
the bob
--
http://www.hs-pongratz.de
sematin@mtn.co.ug wrote:
Unless you have a specific need for ssh tunnels, you could simply set up a VPN tunnel between your host and the server using ipsec and thus ALL your connections to the server go through that secure tunnel. You don't need keepalives for that.
Noah.
Hello,
I have seen several responses to my question with the use of VPN IPSEC. Well, I have no idea how I can do that, I have never used it. The tunnel I have to make is between a W2000 and the linux server. I have adsl on both sides (3Com 812), and on the server side I also have a firewall between the adsl router and the server. Do you think I can use vpn ipsec tunnels in this scenario? If so, can you tell me where I can find documentation about how to do it?
Thanks
--
Emiliano Sutil García
ANÁLISIS Y DESARROLLO DE SOFTWARE S.L.
Urb. San Roque, 22
24540 Cacabelos (León) España
email: emiliano@iranon.com
Telf. 902 100 103
Fax. 902 201 801
Emiliano Sutil wrote:
I have seen several responses to my question with the use of VPN IPSEC, well, I have no idea how I can do that, I have never used it.
Well, maybe you might give openvpn[1] a look. It's a lot easier to set up and works for *nix and win systems (at least for 2k and xp). IPSEC can be a pain in the ass... and gives you a lot of nice 'gifts' when using it, like doesn't work behind a nat box etc. (yeah, you can enable ipsec passthrough but then afaik it works only with one client etc. etc.)
HTH, Sven
[1] http://openvpn.sf.net
I have seen several responses to my question with the use of VPN IPSEC, well, I have no idea how I can do that, I have never used it.
Well, maybe you might give openvpn[1] a look. It's a lot easier to set up and works for *nix and win systems (at least for 2k and xp).
HTH, Sven
I did a quick install that was really pretty easy so far. But while configuring it I failed to set up a tunnel directly between two hosts without any routers/firewalls between them. Examples there only describe models like:
[endpoint]<--LAN-->[firewall]<--internet-->[Roadwarrior]
or
[endpoint]<--LAN-->[firewall]<--internet-->[router/firewall]<--LAN-->[Roadwarrior]
Is it true that only with the upcoming openvpn 2.0 direct connections between server and client become possible? That would make ipsec the first choice.
[anyserver POP/SMB]<---->[any client]
Thx in advance
the bob
--
http://www.hs-pongratz.de
I did a quick install that was really pretty easy so far. But while configuring it I failed to set up a tunnel directly between two hosts without any routers/firewalls between them.
Oops, my fault. According to this [1] it is possible and easy. Works fine past few minutes. Double plus 4 easy installation and configuration! What about security issues on openvpn?
[1] http://openvpn.sourceforge.net/install32.html
the bob
--
http://www.hs-pongratz.de
participants (5)
- Emiliano Sutil
- Geoffrey
- Paranoiac_User
- sematin@mtn.co.ug
- Sven 'Darkman' Michels