[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: [remote administrator (telnet, SSH, etc.)]



On Tue, Oct 23, 2001 at 04:56:50PM -0400, E M Recio wrote:
> "Albert Medina Banda" <albertmb2001@hotmail.com> wrote:

> > I need to administrate my ldap server using WWW,or any intranet tool because
> > my server is far of me, in another  building and i want to administrate it 
> > from a remote pc.

> Telnet works to bring the server up and down, edit configuration and do
> everything remotely. VNC might be an option if you dont mind security (but
> other than that, everything else is done over an X-term, so you might as well
> use telnet).

SSH does everything telnet does, and more, and fairly securely.[0] Plus you
can run VNC (look for the bind to loopback interface only options) or plain
old X11 over SSH. X11 over SSH is more secure (if less efficient) if you
have a normal xauth setup; X11 cookies are much larger than the universe of
possible VNC passwords, unless something has changed in the most recent
versions of VNC. Me, I seldom use the GUI stuff on remote systems, even on
the boxes that actually have X installed.

One big advantage of SSH for remote admin is you can easily switch userids 
as needed; who really wants a Web app running as root to restart slapd? 
That's just another big potential hole that SSH and normal tools like sudo 
or even su can handle just fine.

IMO, it would be good if everybody stopped running in.telnetd entirely. :-)

-Peter

[0] usual caveats about keeping up to date, e.g. OpenSSH < 2.9.9 have some 
known security issues, mainly related to restricted keypair authentication, 
which many folks don't use anyway...