On Wednesday 26 July 2006 13:16, Cody Nelson wrote:
> Currently I ssh to my network, I VNC and everything I need to through that SSH tunnel. I don't like this because I am forwarding ports from outside to this box.

That's what I don't understand. You are "forwarding these ports" thru the ssh tunnel. Don't you see that that is the MOST SECURE setup you could possibly have? Anything else you do will be less secure than what you already are doing.

Are you SURE you understand what it means to tunnel other traffic thru ssh? You DO KNOW, don't you, that every bit of ssh traffic is encrypted? Even login? You do know that all the tunneled traffic (forwarded ports) is also encrypted and hidden from the world, and CAN'T be accessed from anywhere else? You DO know that you can have VNC on the server listen only to 127.0.0.1, and these then can ONLY be accessed from an ssh connection into the server?

Any other "layer" you add will be worse than what you already have. You will open MORE ports with LESS secure software. I think you need to read up on the capabilities of SSH.

The mere fact that you can forward a port from your home workstation to your server thru the ssh tunnel does NOT make that a security risk. Those ports are not available to anyone else.

--
_____________________________________
John Andersen
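
Added example, not part of the original message: a check that the VNC listeners on the server really are bound to 127.0.0.1 only, as the reply describes. It assumes the server has `ss` and a VNC server that accepts `-localhost`; display `:1`, port 5901, `user@server` and the sample socket listing are constructed for illustration.

```shell
#!/bin/sh
# Assumed setup matching the reply above (placeholders, not from the thread):
#   server: vncserver -localhost :1                   # display :1 = TCP 5901, loopback only
#   client: ssh -L 5901:127.0.0.1:5901 user@server    # viewer then connects to localhost:5901

# Read `ss -tln` output on stdin and print every VNC listener (TCP 5900-5999)
# that is bound to something other than a loopback address.
exposed_vnc_listeners() {
    awk '
        $1 == "LISTEN" {
            local_addr = $4
            pos = match(local_addr, /:[0-9]+$/)     # position of the final ":port"
            if (pos == 0) next
            port = substr(local_addr, pos + 1) + 0
            addr = substr(local_addr, 1, pos - 1)
            if (port < 5900 || port > 5999) next    # not a VNC display port
            if (addr ~ /^127\./ || addr == "[::1]") next   # loopback: tunnel-only access
            print addr ":" port
        }'
}

# Constructed sample of `ss -tln` output: sshd on all interfaces, display :1
# bound to loopback (v4 and v6), display :2 wrongly bound to every interface.
sample_ss_output() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       5       127.0.0.1:5901      0.0.0.0:*
LISTEN  0       5       [::1]:5901          [::]:*
LISTEN  0       5       0.0.0.0:5902        0.0.0.0:*
EOF
}

# Demo on the constructed sample; on a live server run:
#   ss -tln | exposed_vnc_listeners
sample_ss_output | exposed_vnc_listeners
```

Empty output means every VNC display is reachable only through an ssh login to the server; any line printed is a display listening on a routable address.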