Resources from MPLUG Samba and LTSP Seminar

Warren Togami warren at togami.com
Sun Aug 5 06:00:17 PDT 2001


This is a follow-up e-mail with links to useful resources regarding the topics discussed in last Thursday's MPLUG seminar on Samba networking and Linux Terminal Servers.  This message is also sent to public mailing lists, because it contains several tips useful for many people.



--------------------------------------------------------------------------------

Remote Desktops with VNC

--------------------------------------------------------------------------------

Virtual Network Computing allows the use of remote desktops over a network, similar to PC Anywhere or Timbuktu.  Clients and servers are available for Windows, MacOS and many Unix platforms, with full source code available for download under the GNU GPL open source license.  A VNC server running on Windows or MacOS allows you to see and control the desktop, while Unix versions allow you to run multiple desktops supporting many users, much like a thin client configuration.

Downloads
TridiaVNC for Windows, Linux, Solaris, HP-UX, or AIX
http://www.tridiavnc.com
AT&T VNC for MacOS (Tridia doesn't support Mac)
http://www.uk.research.att.com/vnc/

For those already using the older AT&T VNC, try the much improved TridiaVNC for greater performance with their integrated zlib or 'Tight' compression encodings.



--------------------------------------------------------------------------------

Secure Networking with OpenSSH and Mindterm

--------------------------------------------------------------------------------

Background Information
As many of you may already be aware, protocols like telnet and FTP are rather unsafe due to their transmission of passwords and data in plain text over the network.  It is rather easy for someone with malicious intent to plant a sniffer on a machine on a network, grabbing broadcast passwords as they fly by.  While these risks can be minimized with switched networks, sniffer detection and other security measures, there are always ways to circumvent these protections (like ARP poisoning).  Networks cannot be 100% safe, so how do you protect your passwords and data over the network?

Enter SSH.  SSH allows you to securely log in to servers for encrypted shell access, replacing telnet and the completely insecure rsh.  Through SSH, you can do file transfers by several methods: scp, sftp, "FTP to SFTP bridge" and "tunneled FTP".  Especially when you are on slow links, file transfers can actually be FASTER with SSH than FTP, due to the built-in gzip compression available on the encrypted tunnel.  Also, through the use of public/private keys and keyphrases, SSH can be more convenient because you no longer need to type in passwords to log in (although this feature must be used with care).  If you understand RSA/DSA encryption, SSH itself can theoretically be 100% secure as long as you keep your keys protected, keeping you safe from the main threat, which is man-in-the-middle attacks.  If you are paranoid, read the many documents on the subject to learn about it.

Some of you may be wondering what the difference is between commercial SSH and OpenSSH.  Not much.  OpenSSH is a completely free re-implementation of SSH protocols 1 and 2, based on an earlier version of SSH that used to be open source.  OpenSSH is written by the same team that wrote OpenBSD, the most secure Unix operating system.  Latest versions of OpenSSH (from around v2.50 and later) are so compatible that the original SSH company is rather upset at them, but that is another story.  In short, it is safe to say that OpenSSH is 99.99999999999% compatible with most of the features of SSH that you would normally use.  (SSH 3.x supports PKI and Smart Cards... do we actually use this?)  Not that there is anything bad about commercial SSH, but it can be rather expensive.

OpenSSH Home Page
http://www.openssh.org/
SSH Communications Security
http://www.ssh.com/

SSH Clients (or "Shut up and tell me how to use it!")
The absolute fastest and easiest way of learning to use SSH is with Mindterm, an SSH client written in Java.  It has more features than any other SSH client that I know of, including the commercial SSH client.  (Putty and SecureCRT SSH severely suck by comparison.)  Unlike all other SSH clients, this client will run on any platform (that supports Java), and you do not even need to install it on client machines because it can run as an applet on a web page.  You can also optionally run it as a local Java application if you have a Java Runtime Environment.  It is free for personal, non-commercial and academic use, and full source code is available for download.

Mindterm Home Page
http://www.appgate.com/products/mindterm/index.html
Mindterm Demo Java Applet
http://www.appgate.com/products/mindterm/demo/index.html

After you log in to an SSH server, try "SCP File Transfer" and "FTP to SFTP Bridge" in the File menu for easy file transfers.

Perhaps the only drawback of Mindterm is that because it is Java bytecode in a virtual machine, it can be slower than a native compiled SSH client.  This can mean lower throughput in file transfers over FAST networks, because your client machine may not have enough CPU power for the cipher and compression.

SSH, OpenSSH and Mindterm have many more cool secure networking features with tunneling, VPN, and chrootgroups capabilities.  I'll write up guides for these in the MPLUG Wiki community documentation pages sometime later.



--------------------------------------------------------------------------------

Linux Terminal Servers and Thin Clients

--------------------------------------------------------------------------------

Links to the best resources regarding these projects.

Linux Terminal Server Project
http://www.ltsp.org/
XTerminals Project
http://www.solucorp.qc.ca/xterminals/
K-12 Linux in Schools Project - Easy to understand guides and tailor-made software for Linux Terminal Servers.
http://www.riverdale.k12.or.us/linux/


--------------------------------------------------------------------------------

Samba Windows Domain Controller

--------------------------------------------------------------------------------

Samba is a free alternative to Windows NT File, Printer and Domain Controller services, allowing you to support Windows clients using the SMB/CIFS protocol at a fraction of the cost of Microsoft software and client access licenses.  You also have the benefit of the Unix and Open Source security model, avoiding many of the pitfalls of Microsoft's poor security model, and the reliance on the vendor to release stable updates and security fixes when exploits are found.

Samba Home Page
http://www.samba.org/
Samba HOWTO Guide to Everything
http://us2.samba.org/samba/docs/Samba-HOWTO-Collection.html
Samba GUI Administration Tools (SWAT and Webmin are very nice)
http://us2.samba.org/samba/GUI/
Samba Easy Step by Step Guide
http://www.linuxorbit.com/howto/sambahowto.php3


--
Warren Togami
warren at togami.com
Mid-Pacific Linux User's Group
http://www.mplug.org
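
The SSH section of this message names man-in-the-middle attacks as the main threat; on the client side the defense is comparing the host key a server offers against the one already pinned in known_hosts. The following is an added example, not part of the original e-mail: it parses a known_hosts file, computes OpenSSH-style SHA256 fingerprints, and flags a changed host key. The host names, key bytes and function names are constructed for illustration, and the Ed25519 key type (which postdates this message) is used only because its key blob is simple to build inline.

```python
import base64
import hashlib
import struct

def ssh_string(data: bytes) -> bytes:
    """SSH wire encoding of a string: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def make_ed25519_blob(raw32: bytes) -> str:
    """Build a constructed (not real) public-key blob as stored in known_hosts."""
    return base64.b64encode(ssh_string(b"ssh-ed25519") + ssh_string(raw32)).decode()

def fingerprint(b64_blob: str) -> str:
    """Fingerprint in the form OpenSSH prints: SHA256 of the blob, unpadded base64."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_known_hosts(text: str) -> dict:
    """Return {(host, keytype): blob}. Skips comments, @markers and hashed names."""
    pinned = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#@":
            continue
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("|1|"):
            continue
        hosts, keytype, blob = fields[:3]
        for host in hosts.split(","):
            pinned[(host, keytype)] = blob
    return pinned

def check_host_key(pinned: dict, host: str, keytype: str, offered_blob: str) -> str:
    """Compare the key a server offers with the pinned one."""
    known = pinned.get((host, keytype))
    if known is None:
        return "unknown"    # first contact: verify the fingerprint out of band
    if base64.b64decode(known) == base64.b64decode(offered_blob):
        return "match"
    return "MISMATCH"       # key changed: possible man-in-the-middle, do not log in

# Constructed sample data (documentation host name and address).
GOOD = make_ed25519_blob(bytes(range(32)))
ROGUE = make_ed25519_blob(bytes(range(1, 33)))
KNOWN_HOSTS = f"# constructed sample\nshell.example.org,192.0.2.10 ssh-ed25519 {GOOD}\n"

if __name__ == "__main__":
    pinned = parse_known_hosts(KNOWN_HOSTS)
    for label, blob in (("pinned key", GOOD), ("different key", ROGUE)):
        result = check_host_key(pinned, "shell.example.org", "ssh-ed25519", blob)
        print(label, fingerprint(blob), result)
```

A "MISMATCH" result corresponds to the host-key-changed warning an SSH client shows; the safe response is to confirm the new fingerprint with the server's administrator over a separate channel before connecting.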