<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content="text/html; charset=iso-8859-1" http-equiv=Content-Type>
<META content="MSHTML 5.00.3315.2870" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY>
<DIV><FONT face=Arial size=2>This is a follow up e-mail with links to useful
resources regarding the topics discussed in last Thursday's MPLUG seminar on
Samba networking and Linux Terminal Servers. This message is also sent to
public mailing lists, because it contains several useful tips useful for many
people.</FONT></DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV>
<HR>
</DIV>
<DIV><FONT face=Arial size=5>Remote Desktops with VNC</FONT></DIV>
<DIV>
<HR>
</DIV>
<DIV><FONT face=Arial size=2>Virtual Network Computing allows the use of remote
desktops over a network, similar to PC Anywhere or Timbuktu. Clients and
servers are available for Windows, MacOS and many Unix platforms, with full
source code available for download under the GNU GPL open source license.
A VNC server running on Windows or MacOS allows you to see and control the
desktop, while Unix versions allow you to run multiple desktops supporting many
users, much like a thin client configuration.</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial size=2>Downloads</FONT></DIV>
<DIV><FONT face=Arial size=2>TridiaVNC for Windows, Linux, Solaris, HP-UX, or
AIX</FONT></DIV>
<DIV><FONT face=Arial size=2><A
href="http://www.tridiavnc.com">http://www.tridiavnc.com</A></FONT></DIV>
<DIV><FONT size=2>
<DIV><FONT face=Arial size=2>AT&T VNC for MacOS (Tridia doesn't support
Mac)</FONT></DIV>
<DIV><A href="http://www.uk.research.att.com/vnc/"><FONT
face=Arial>http://www.uk.research.att.com/vnc/</FONT></A></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial>For those already using the older AT&T VNC, try the
much improved TridiaVNC for greater performance with their integrated zlib or
'Tight' compression encodings.</FONT></DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV>
<HR>
</DIV>
<DIV><FONT face=Arial size=5>Secure Networking with OpenSSH and
Mindterm</FONT></DIV>
<DIV>
<HR>
</DIV>
<DIV><FONT face=Arial size=4>Background Information</FONT></DIV>
<DIV><FONT face=Arial>As many of you may already be aware, protocols like telnet
and FTP are rather unsafe due to their transmission of passwords and data in
plain text over the network. It is rather easy for someone with malicious
intent to plant a sniffer on a machine on a network, grabbing passwords as they
fly by broadcasted. While these risks can be minimized with switched
networks, sniffer detection and other security measures, there are always ways
to circumvent these protections (like ARP poisoning). Networks cannot be
100% safe, so how do you protect your passwords and data over the
network?</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial>Enter SSH. SSH allows you to securely login to
servers for encrypted shell access, replacing telnet and the completely insecure
rsh. Through SSH, you can do file transfers in several methods, scp, sftp,
"FTP to SFTP bridge" and "tunneled FTP". Especially when you are on slow
links, file transfers can actually be FASTER with SSH than FTP, due to the
built-in gzip compression available on the encrypted tunnel. Also, through
the use of public/private keys and keyphrases, you SSH can be more convenient
because you no longer need to type in passwords to login (although this feature
must be used with care.) If you understand RSA/DSA encryption, SSH itself
can theoretically be 100% secure as long as you keep your keys protected,
keeping you safe from the main threat which is man-in-the-middle attacks.
If you are paranoid, read the many documents on the subject to learn about
it.</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial>Some of you may be wondering what is the difference
between commercial SSH and OpenSSH. Not much. OpenSSH is a
completely free re-implementation of SSH protocols 1 and 2, based on an earlier
version of SSH that used to be open source. OpenSSH is written by the same
team that wrote OpenBSD, the most secure Unix operating system. Latest
versions of OpenSSH (from around v2.50 and later) are so compatible, that the
original SSH company is rather upset at them, but that is another story.
In short, it is safe to say that OpenSSH is 99.99999999999% compatible with
most of the features of SSH that you would normally use. (SSH 3.x
supports PKI and Smart Cards... do we actually use this?) Not that there
is anything bad about commercial SSH, but it can be rather
expensive.</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial>OpenSSH Home Page</FONT></DIV>
<DIV><A href="http://www.openssh.org/"><FONT
face=Arial>http://www.openssh.org/</FONT></A></DIV>
<DIV><FONT face=Arial>SSH Communicatinos Security</FONT></DIV>
<DIV><A href="http://www.ssh.com/"><FONT
face=Arial>http://www.ssh.com/</FONT></A></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial size=4>SSH Clients (or "Shut up and tell me how to use
it!")</FONT></DIV>
<DIV><FONT face=Arial>The absolute fastest and easiest way of learning to use
SSH is with Mindterm, a SSH client written in Java. It has more features
than any other SSH clients that I know of, including the commercial SSH
client. (Putty and SecureCRT SSH severely suck by comparison.)
Unlike all other SSH clients, this client will run on any platform (that
supports Java), and you do not even need to install it on client machines
because it can run as an applet on a web page. You can also optionally run
it as a local Java application if you have a Java Runtime Environment. It
is free for personal, non-commercial and academic use, and full source code are
available for download.</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial>Mindterm Home Page</FONT></DIV>
<DIV><A href="http://www.appgate.com/products/mindterm/index.html"><FONT
face=Arial>http://www.appgate.com/products/mindterm/index.html</FONT></A></DIV>
<DIV><FONT face=Arial>Mindterm Demo Java Applet</FONT></DIV>
<DIV><A href="http://www.appgate.com/products/mindterm/demo/index.html"><FONT
face=Arial>http://www.appgate.com/products/mindterm/demo/index.html</FONT></A></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial>After you login to an SSH server, try "SCP File Transfer"
and "FTP to SFTP Bridge" in the File menu for easy file transfers.</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial>Perhaps the only drawback of Mindterm is that because it
is Java bytecode in a virtual machine, it can be slower than a native compiled
SSH client. This can mean lower thru-put in file transfers over FAST
networks, because your client machine may not have enough CPU power for the
cypher and compression.</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial>SSH, OpenSSH and Mindterm have many more cool secure
networking features with tunneling, VPN, and chrootgroups capabilites.
I'll write up guides for these in the <A
href="http://www.mplug.org/phpwiki/">MPLUG Wiki community documentation</A>
pages sometime later.</FONT></DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV>
<HR>
</DIV>
<DIV><FONT face=Arial size=5>Linux Terminal Servers and Thin
Clients</FONT></DIV>
<DIV>
<HR>
</DIV></FONT></DIV>
<DIV><FONT face=Arial size=2>Links to the best resources regarding these
projects.</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial size=2>Linux Terminal Server Project</FONT></DIV>
<DIV><FONT face=Arial size=2><A
href="http://www.ltsp.org/">http://www.ltsp.org/</A></FONT></DIV>
<DIV><FONT face=Arial size=2>XTerminals Project</FONT></DIV>
<DIV><FONT face=Arial size=2><A
href="http://www.solucorp.qc.ca/xterminals/">http://www.solucorp.qc.ca/xterminals/</A></FONT></DIV>
<DIV><FONT face=Arial size=2>K-12 Linux in Schools Project - Easy to understand
guides and tailor made software for Linux Terminal Servers.</FONT></DIV>
<DIV><FONT face=Arial size=2><A
href="http://www.riverdale.k12.or.us/linux/">http://www.riverdale.k12.or.us/linux/</A></FONT></DIV>
<DIV> </DIV>
<DIV>
<HR>
</DIV>
<DIV><FONT face=Arial size=5>Samba Windows Domain Controller</DIV>
<DIV>
<HR>
</DIV><FONT size=2>
<DIV>Samba is a free alternative to Windows NT File, Printer and Domain
Controller services, allowing you to support Windows clients using the SMB/CIFS
protocol at a fraction of the cost of Microsoft software and client access
licenses. You also have the benefit of the Unix and Open Source security
model, avoiding many of the pitfalls of Microsoft's poor security model, and the
reliance on the vendor to release stable updates and security fixes when
exploits are found.</DIV>
<DIV> </DIV>
<DIV>Samba Home Page</DIV>
<DIV><A href="http://www.samba.org/">http://www.samba.org/</A></DIV>
<DIV>Samba HOWTO Guide to Everything</DIV>
<DIV><A
href="http://us2.samba.org/samba/docs/Samba-HOWTO-Collection.html">http://us2.samba.org/samba/docs/Samba-HOWTO-Collection.html</A></DIV>
<DIV>Samba GUI Administration Tools (SWAT and Webmin are very nice)</DIV>
<DIV><A
href="http://us2.samba.org/samba/GUI/">http://us2.samba.org/samba/GUI/</A></DIV>
<DIV>Samba Easy Step by Step Guide</DIV>
<DIV><A
href="http://www.linuxorbit.com/howto/sambahowto.php3">http://www.linuxorbit.com/howto/sambahowto.php3</A></DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV>--</DIV>
<DIV>Warren Togami</DIV>
<DIV><A href="mailto:warren@togami.com">warren@togami.com</A></DIV>
<DIV>Mid-Pacific Linux User's Group</DIV>
<DIV><A
href="http://www.mplug.org">http://www.mplug.org</A></FONT></FONT></DIV></BODY></HTML>