Dear LazyWeb

So I have a Mac at work and a Mac and a PC at home. I want to be able to connect from my Mac at work to both of my machines at home, graphically. Have dynamic DNS and can do port forwarding through my router. Played around now with tunneling VNC through SSH, though doesn't work for my Windows desktop and my Mac at home only runs SSH on 22 which I don't really want to forward through due to SSH exploits which I'm sure will continue to come out.

So, what options do I have to create a secure connection home and then connect graphically to both of my machines? Thinking the best solution is either running a VPN server at home I connect to, then can use VNC since security is taken care of, or buy a cheap machine to run as a bastion host. Could use Apple Remote Desktop for the Mac -> Mac, but it isn't free and if I'm going to do this via software then I want free and open source. I think I'm liking the VPN solution best, though what am I missing here? There has to be a way to do this with no new hardware.

Comments

( 14 comments — Leave a comment )
scsi
Mar. 20th, 2006 06:55 am (UTC)
I used tightvnc before to go from Linux -> Windows Desktop. Works rather well.

As long as you keep your ssh server up to date, and have it only use version 2, you'll be safe. If there is a big ssh exploit out, your personal machine at home is the last thing you (or I) should be worried about. If you want, just put ssh on a non-standard port and forward that. I'd be more wary of exploits in the VNC than ssh personally. If you do however forward ssh, you'll get a lot of automated kiddie login scripts hitting ya trying to brute-force passwords. It's lame.
daveman692
Mar. 20th, 2006 06:56 am (UTC)
The thing is it is the SSH server built into OS X. Can't run it on a different port, can't limit to version 2, etc. Wouldn't mind having a small Linux box running sshd which I can lock down.
scsi
Mar. 20th, 2006 06:57 am (UTC)
You can't edit /etc/sshd_config?

Guess I won't be getting that Mac laptop then.. :)
daveman692
Mar. 20th, 2006 07:56 am (UTC)
Well I could, but don't trust that it won't just be blown away with an OS upgrade.
vanbeast
Mar. 20th, 2006 06:58 am (UTC)
What? It's got an sshd_config just like any other SSH installation. /etc/sshd_config.

If you still can't get it doing what you want, I suggest you run OpenVPN on your Mac, forward the VPN ports through the router to it, connect there and use VNC to control it or bounce to the PC if you need to.
daveman692
Mar. 20th, 2006 07:57 am (UTC)
I don't trust that my changes won't be blown away in an OS upgrade. At least with Debian it would let me know when it wants to make a change to the file, OS X will just do it.
vanbeast
Mar. 20th, 2006 08:01 am (UTC)
Oh, good call. I don't know how it handles that. I would hope it would be smart and just stick a copy of the old config, but yeah. Probably not :P

VPN is more fun anyway ;)
mart
Mar. 20th, 2006 11:05 am (UTC)

I'd go with VPN. That way you get the VNC/whatever stuff but you can also do anything else you'd normally do over a network without undue pain. The only problem with this approach is if the LAN at work and the LAN at home both use the same subnet, as is the case for me. When I'm VPNing into work I just cheat and set up routes to the hosts I need to connect to manually, since so far there aren't actually any conflicts between hosts.

I've been trying to convince them to renumber the work LAN to something crazy like 192.168.253.208/28, which no-one in their right mind would ever use at home! (I hope!). Haven't had much luck yet, though!

mart
Mar. 20th, 2006 11:08 am (UTC)

Umm, duh. Obviously my hypothetical crazy subnet would have a shorter prefix than that. ;)
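
As an added example (not part of the original thread or any commenter's code), here is the overlapping-subnet problem mart describes, checked in Python. The function names, parameters and sample addresses are constructed for illustration; the routes are returned as prefixes and nothing is applied to the system.

```python
import ipaddress


def plan_vpn_routes(local_lan, remote_lan, local_hosts, remote_hosts):
    """Decide which prefixes to route into the VPN tunnel.

    Returns (overlap, routes, conflicts):
      overlap   - True if the two LANs share address space
      routes    - prefixes to point at the tunnel interface
      conflicts - remote hosts whose address is also in use locally
    """
    local = ipaddress.ip_network(local_lan)
    remote = ipaddress.ip_network(remote_lan)

    if not local.overlaps(remote):
        # No clash: one route for the whole remote LAN is enough.
        return False, [str(remote)], []

    in_use = {ipaddress.ip_address(h) for h in local_hosts}
    routes, conflicts = [], []
    for host in remote_hosts:
        addr = ipaddress.ip_address(host)
        if addr not in remote:
            raise ValueError(f"{addr} is not inside {remote}")
        if addr in in_use:
            # Same address on both sides: a host route would cut off
            # the local machine, so report it instead of routing it.
            conflicts.append(str(addr))
        else:
            # A host route beats the on-link LAN route (longest prefix wins).
            routes.append(f"{addr}/{addr.max_prefixlen}")
    return True, routes, conflicts


def usable_hosts(prefix):
    """Number of assignable host addresses in a prefix."""
    return len(list(ipaddress.ip_network(prefix).hosts()))


if __name__ == "__main__":
    # Constructed sample: both sites use the common 192.168.1.0/24.
    print(plan_vpn_routes(
        "192.168.1.0/24", "192.168.1.0/24",
        local_hosts=["192.168.1.1", "192.168.1.10"],
        remote_hosts=["192.168.1.50", "192.168.1.10"],
    ))
    print(usable_hosts("192.168.253.208/28"))
```
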

daveman692
Mar. 20th, 2006 11:45 am (UTC)
I think we only use 192.168.64 and 192.168.100 at work, not sure how they were chosen though.
(Deleted comment)
daveman692
Mar. 21st, 2006 02:43 am (UTC)
link me plz
(Deleted comment)
daveman692
Mar. 21st, 2006 03:08 am (UTC)
You missed the should be free if software part.
vancoke
Mar. 25th, 2006 01:26 pm (UTC)
xaj xaj...