This is a discussion on setting up a server with no screen or keyboard: use X or just ssh? within the Linux Operating System forums, part of the Unix Operating Systems category.
obakesan wrote:
> Folks
>
> after a long absence from IT I'm starting to set up a server here at home for
> operations as a database and www server. I'm intending to connect it to the
> LAN but not allow it outside to play.
>
> I was thinking of setting it up to run with no screen / keyboard to save space
> in the apartment (and keep it out of the way).
>
> Can anyone advise me if it's better to try and get X going on the 'client'
> computers and connect to the server via X or just use SSH?
>
> thanks
>
> See Ya
> (when bandwidth gets better ;-)
>
> Chris Eastwood
> Photographer, Programmer Motorcyclist and dingbat
> blog: http://cjeastwd.blogspot.com/
>
> please remove undies for reply

There are tools that work very poorly in text-only mode. VMware is one of them: RedHat's 'system-config-authentication', compared to 'authconfig-tui' for non-X use, is another. Others, like virt-manager and OpenOffice, do not operate in text mode at all.

The Natural Philosopher wrote:
> Mark Hobley wrote:
>> Hal Murray <hal-usenet@ip-64-139-1-69.sjc.megapath.net> wrote:
>>> Why encourage bad habits? ssh works fine.
>>
>> SSH encrypts the network traffic. You might not want encrypted traffic
>> on an internal LAN. This may make network packet monitoring difficult
>> with conventional tools, and produces a decryption overhead on the
>> client machines (unless the network cards provide hardware level
>> cryptography).
>>
>> Mark.
>>
> ssh is a campus tool, when there are loads of nerdy geeks on a repeated
> (not switched) network who fire up packet sniffers to see if they can
> hack the servers..
>
> It is protection against a problem that has almost ceased to exist.
>
> I use telnet right across the Internet. The chances that someone could
> both sniff the password and spoof my calling IP address and be bothered
> to actually DO it are negligible.

From harsh, harsh experience, this is dead wrong.

Nico Kadel-Garcia wrote:
> The Natural Philosopher wrote:
>> Mark Hobley wrote:
>>> Hal Murray <hal-usenet@ip-64-139-1-69.sjc.megapath.net> wrote:
>>>> Why encourage bad habits? ssh works fine.
>>>
>>> SSH encrypts the network traffic. You might not want encrypted
>>> traffic on an internal LAN. This may make network packet monitoring
>>> difficult with conventional tools, and produces a decryption overhead
>>> on the client machines (unless the network cards provide hardware
>>> level cryptography).
>>>
>>> Mark.
>>>
>> ssh is a campus tool, when there are loads of nerdy geeks on a
>> repeated (not switched) network who fire up packet sniffers to see if
>> they can hack the servers..
>>
>> It is protection against a problem that has almost ceased to exist.
>>
>> I use telnet right across the Internet. The chances that someone could
>> both sniff the password and spoof my calling IP address and be
>> bothered to actually DO it are negligible.
>
> From harsh, harsh experience, this is dead wrong.

Works OK here.

I have of course got single address holes through the firewalls.

Someone would have to access an ISP central router to spoof my address.

Since I use the connection very rarely, the chance of an existing connection being hijacked is very low.

The Natural Philosopher wrote:
> Nico Kadel-Garcia wrote:
>> The Natural Philosopher wrote:
>>> Mark Hobley wrote:
>>>> Hal Murray <hal-usenet@ip-64-139-1-69.sjc.megapath.net> wrote:
>>>>> Why encourage bad habits? ssh works fine.
>>>>
>>>> SSH encrypts the network traffic. You might not want encrypted
>>>> traffic on an internal LAN. This may make network packet monitoring
>>>> difficult with conventional tools, and produces a decryption
>>>> overhead on the client machines (unless the network cards provide
>>>> hardware level cryptography).
>>>>
>>>> Mark.
>>>>
>>> ssh is a campus tool, when there are loads of nerdy geeks on a
>>> repeated (not switched) network who fire up packet sniffers to see if
>>> they can hack the servers..
>>>
>>> It is protection against a problem that has almost ceased to exist.
>>>
>>> I use telnet right across the Internet. The chances that someone
>>> could both sniff the password and spoof my calling IP address and be
>>> bothered to actually DO it are negligible.
>>
>> From harsh, harsh experience, this is dead wrong.
> Works OK here.
>
> I have of course got single address holes through the firewalls.
>
> Someone would have to access an ISP central router to spoof my address.
>
> Since I use the connection very rarely, the chance of an existing
> connection being hijacked is very low.

Until, of course, you come to someone's attention who doesn't like you, or a script kiddie who monitors your connection and picks up the packets saying 'password' as you connect to anything else on the remote end.

Monitoring at ISP routers is a matter of course for semi-pro or professional crackers.

Script kiddies hacking routers is a real problem.

The infrequency of your connections will help, but it's like leaving your laptop on the bus. You might get it back, you might not. Why take the risk?

Hi

In article <486EA50C.7050600@gmail.com>, Nico Kadel-Garcia <nkadel@gmail.com> wrote:
>
> There are tools that work very poorly in text-only mode. VMware is one of
> them: RedHat's 'system-config-authentication', compared to 'authconfig-tui'
> for non-X use, is another. Others, like virt-manager and OpenOffice, do not
> operate in text mode at all.

right up until I read this post I was thinking "yep, all sounds reasonable ... I'll go with SSH"

but ... I'm intending to put VMware on the box to allow me to have;
- a couple of totally separate database instances going to test ASM concepts
- a win2000 'box' to play with remote desktop and perhaps other things

so it might be just as well to leave X running (as I've seemingly got it going now). Box is:
AMD ATHLON 64 X2 4600+
MSI K9NGM4-F V2 (btw ... don't use this MB if you're going to use redhat!)
4Gig memory
some SATA drives

so probably X shouldn't bog it down much ...

thanks to everyone for the valuable information :-)

See Ya
(when bandwidth gets better ;-)

Chris Eastwood
Photographer, Programmer Motorcyclist and dingbat
blog: http://cjeastwd.blogspot.com/

please remove undies for reply

obakesan wrote:
> Hi
>
> In article <486EA50C.7050600@gmail.com>, Nico Kadel-Garcia <nkadel@gmail.com>
> wrote:
>
>> There are tools that work very poorly in text-only mode. VMware is one of
>> them: RedHat's 'system-config-authentication', compared to 'authconfig-tui'
>> for non-X use, is another. Others, like virt-manager and OpenOffice, do not
>> operate in text mode at all.
>
> right up until I read this post I was thinking "yep, all sounds
> reasonable ... I'll go with SSH"
>
> but ... I'm intending to put VMware on the box to allow me to have;
> - a couple of totally separate database instances going to test ASM concepts
> - a win2000 'box' to play with remote desktop and perhaps other things
>
> so it might be just as well to leave X running (as I've seemingly got it going
> now). Box is:
> AMD ATHLON 64 X2 4600+
> MSI K9NGM4-F V2 (btw ... don't use this MB if you're going to use
> redhat!)
> 4Gig memory
> some SATA drives

Leaving X running is not the same as installing X enough to support VMware, especially for remote access. And for the higher grades of VMware, they really expect you to administer it from that ghods-awful Windows client.

> so probably X shouldn't bog it down much ...
>
> thanks to everyone for the valuable information :-)

Why do you want VMware? If you're not running something oddball, like SCO OpenServer which I'm doing right now, Xen works quite well and is built into RHEL and Fedora and plenty of other distributions in para-virtualized and thus more efficient virtualization. And Xen knows how to be run, correctly, from the command line.

Nico Kadel-Garcia wrote:
> The Natural Philosopher wrote:
>> Nico Kadel-Garcia wrote:
>>> The Natural Philosopher wrote:
>>>> Mark Hobley wrote:
>>>>> Hal Murray <hal-usenet@ip-64-139-1-69.sjc.megapath.net> wrote:
>>>>>> Why encourage bad habits? ssh works fine.
>>>>>
>>>>> SSH encrypts the network traffic. You might not want encrypted
>>>>> traffic on an internal LAN. This may make network packet monitoring
>>>>> difficult with conventional tools, and produces a decryption
>>>>> overhead on the client machines (unless the network cards provide
>>>>> hardware level cryptography).
>>>>>
>>>>> Mark.
>>>>>
>>>> ssh is a campus tool, when there are loads of nerdy geeks on a
>>>> repeated (not switched) network who fire up packet sniffers to see
>>>> if they can hack the servers..
>>>>
>>>> It is protection against a problem that has almost ceased to exist.
>>>>
>>>> I use telnet right across the Internet. The chances that someone
>>>> could both sniff the password and spoof my calling IP address and be
>>>> bothered to actually DO it are negligible.
>>>
>>> From harsh, harsh experience, this is dead wrong.
>> Works OK here.
>>
>> I have of course got single address holes through the firewalls.
>>
>> Someone would have to access an ISP central router to spoof my address.
>>
>> Since I use the connection very rarely, the chance of an existing
>> connection being hijacked is very low.
>
> Until, of course, you come to someone's attention who doesn't like you,
> or a script kiddie who monitors your connection

How can he do that?

Not at my site, as the cable to the hub would be obvious.

Not at the remote site, either, as that is manned 24x7.

You mean he's hacked into some core ISP's router?

Ho hum.

> and picks up the packets
> saying 'password' as you connect to anything else on the remote end.

How does he get to monitor any packets at all passing between me and the remote site?

>
> Monitoring at ISP routers is a matter of course for semi-pro or
> professional crackers.

I can assure you it's not.

> Script kiddies hacking routers is a real problem.

I can assure you it's not.

> The infrequency of your connections will help, but it's like leaving
> your laptop on the bus. You might get it back, you might not. Why take
> the risk?

Because of all the risks, it is the most unlikely: your thesis is founded on illogical assumptions.

The Natural Philosopher wrote:
> Nico Kadel-Garcia wrote:
>> The Natural Philosopher wrote:
>>> Nico Kadel-Garcia wrote:
>>>> The Natural Philosopher wrote:
>>>>> Mark Hobley wrote:
>>>>>> Hal Murray <hal-usenet@ip-64-139-1-69.sjc.megapath.net> wrote:
>>>>>>> Why encourage bad habits? ssh works fine.
>>>>>>
>>>>>> SSH encrypts the network traffic. You might not want encrypted
>>>>>> traffic on an internal LAN. This may make network packet
>>>>>> monitoring difficult with conventional tools, and produces a
>>>>>> decryption overhead on the client machines (unless the network
>>>>>> cards provide hardware level cryptography).
>>>>>>
>>>>>> Mark.
>>>>>>
>>>>> ssh is a campus tool, when there are loads of nerdy geeks on a
>>>>> repeated (not switched) network who fire up packet sniffers to see
>>>>> if they can hack the servers..
>>>>>
>>>>> It is protection against a problem that has almost ceased to exist.
>>>>>
>>>>> I use telnet right across the Internet. The chances that someone
>>>>> could both sniff the password and spoof my calling IP address and
>>>>> be bothered to actually DO it are negligible.
>>>>
>>>> From harsh, harsh experience, this is dead wrong.
>>> Works OK here.
>>>
>>> I have of course got single address holes through the firewalls.
>>>
>>> Someone would have to access an ISP central router to spoof my address.
>>>
>>> Since I use the connection very rarely, the chance of an existing
>>> connection being hijacked is very low.
>>
>> Until, of course, you come to someone's attention who doesn't like
>> you, or a script kiddie who monitors your connection
>
> How can he do that?
>
> Not at my site, as the cable to the hub would be obvious.
>
> Not at the remote site, either, as that is manned 24x7.
>
> You mean he's hacked into some core ISP's router?
>
> Ho hum.

This is done as a matter of course. Or didn't you read the articles about AT&T's cooperation with NSA monitoring?

>> and picks up the packets saying 'password' as you connect to anything
>> else on the remote end.
>
> How does he get to monitor any packets at all passing between me and the
> remote site?

See above?

>
>>
>> Monitoring at ISP routers is a matter of course for semi-pro or
>> professional crackers.
>
> I can assure you it's not.
>
>
>> Script kiddies hacking routers is a real problem.
>
> I can assure you it's not.
>
>> The infrequency of your connections will help, but it's like leaving
>> your laptop on the bus. You might get it back, you might not. Why take
>> the risk?
>
> Because of all the risks, it is the most unlikely: your thesis is founded
> on illogical assumptions.

Nico Kadel-Garcia wrote:
> The Natural Philosopher wrote:
>> Nico Kadel-Garcia wrote:
>>> The Natural Philosopher wrote:
>>>> Nico Kadel-Garcia wrote:
>>>>> The Natural Philosopher wrote:
>>>>>> Mark Hobley wrote:
>>>>>>> Hal Murray <hal-usenet@ip-64-139-1-69.sjc.megapath.net> wrote:
>>>>>>>> Why encourage bad habits? ssh works fine.
>>>>>>>
>>>>>>> SSH encrypts the network traffic. You might not want encrypted
>>>>>>> traffic on an internal LAN. This may make network packet
>>>>>>> monitoring difficult with conventional tools, and produces a
>>>>>>> decryption overhead on the client machines (unless the network
>>>>>>> cards provide hardware level cryptography).
>>>>>>>
>>>>>>> Mark.
>>>>>>>
>>>>>> ssh is a campus tool, when there are loads of nerdy geeks on a
>>>>>> repeated (not switched) network who fire up packet sniffers to see
>>>>>> if they can hack the servers..
>>>>>>
>>>>>> It is protection against a problem that has almost ceased to exist.
>>>>>>
>>>>>> I use telnet right across the Internet. The chances that someone
>>>>>> could both sniff the password and spoof my calling IP address and
>>>>>> be bothered to actually DO it are negligible.
>>>>>
>>>>> From harsh, harsh experience, this is dead wrong.
>>>> Works OK here.
>>>>
>>>> I have of course got single address holes through the firewalls.
>>>>
>>>> Someone would have to access an ISP central router to spoof my address.
>>>>
>>>> Since I use the connection very rarely, the chance of an existing
>>>> connection being hijacked is very low.
>>>
>>> Until, of course, you come to someone's attention who doesn't like
>>> you, or a script kiddie who monitors your connection
>>
>> How can he do that?
>>
>> Not at my site, as the cable to the hub would be obvious.
>>
>> Not at the remote site, either, as that is manned 24x7.
>>
>> You mean he's hacked into some core ISP's router?
>>
>> Ho hum.
>
> This is done as a matter of course. Or didn't you read the articles
> about AT&T's cooperation with NSA monitoring?
>

Well I ain't in the USA for one thing, and secondly, weird and naff though they are, the NSA is not a 'script kiddie'

>
>>> and picks up the packets saying 'password' as you connect to anything
>>> else on the remote end.
>>
>> How does he get to monitor any packets at all passing between me and
>> the remote site?
>
> See above?
>

So are you saying that the NSA is staffed by script kiddies who routinely hack into people's servers just for the fun of it?

Over here, that would be a very criminal matter indeed. Still I guess in the Land of the Free, only the govt is right? Free to randomly and casually screw your data over just because they can.

And do you REALLY think the NSA can't crack an ssh connection if they want to?

Really..

The Natural Philosopher wrote:
> Nico Kadel-Garcia wrote:
>> The Natural Philosopher wrote:
>>> Nico Kadel-Garcia wrote:
>>>> The Natural Philosopher wrote:
>>> You mean he's hacked into some core ISP's router?
>>>
>>> Ho hum.
>>
>> This is done as a matter of course. Or didn't you read the articles
>> about AT&T's cooperation with NSA monitoring?
>>
>
> Well I ain't in the USA for one thing, and secondly, weird and naff
> though they are, the NSA is not a 'script kiddie'

The AT&T/NSA hackery is publicly verified. And that's an instance where it was revealed. That's right on a major internet fiber trunk, and it went on for years as a matter of ISP policy. Now, given the vagaries of the US Patriot Act and of other nations' security policies, to believe that the traffic is secure at the ISP is ill-founded. And that was insider monitoring at the ISP.

The script kiddies are a distinct problem, I'll admit. Given the numerous published vulnerabilities of even good routers, and given the internal cracking and social engineering that can happen to both small and large ISPs, there's just no reason to think any local or remote ISP's routers are safe. None.

>>>> and picks up the packets saying 'password' as you connect to
>>>> anything else on the remote end.
>>>
>>> How does he get to monitor any packets at all passing between me and
>>> the remote site?
>>
>> See above?
>>
>
> So are you saying that the NSA is staffed by script kiddies who routinely
> hack into people's servers just for the fun of it?

The NSA does it as a matter of course. It's their job.

> Over here, that would be a very criminal matter indeed. Still I guess in
> the Land of the Free, only the govt is right? Free to randomly and
> casually screw your data over just because they can.

It's a criminal matter in the USA, too.

> And do you REALLY think the NSA can't crack an ssh connection if they want to?
>
> Really..

An encrypted session is a whole different ball of wax. The level of effort required is much higher, and you can't just slap one of the Sandstorm Netintercept boxes into the backbone and reassemble the traffic at whim the way you can with HTTP and Telnet and RSH. (They're fascinating devices, at http://www.sandstorm.net/: I've known the company head for years.)
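
Added example (not part of any post in the thread): a small audit routine for the last point above, classifying one direction of a captured TCP stream by content and reporting how much of it any on-path device could read as-is. The function names, the 0.9 threshold and the three sample streams are assumptions constructed for illustration; the SSH sample uses hash output as a stand-in for encrypted records.

```python
import hashlib

IAC, SB, SE = 0xFF, 0xFA, 0xF0
NEGOTIATE = {0xFB, 0xFC, 0xFD, 0xFE}     # WILL, WONT, DO, DONT (each + 1 option byte)
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ")

def strip_telnet_negotiation(data: bytes) -> bytes:
    """Drop Telnet IAC command sequences (RFC 854) and keep the user data."""
    out, i = bytearray(), 0
    while i < len(data):
        if data[i] != IAC:
            out.append(data[i])
            i += 1
        elif i + 1 >= len(data):
            break                         # truncated command at end of capture
        elif data[i + 1] == IAC:
            out.append(IAC)               # escaped literal 0xFF data byte
            i += 2
        elif data[i + 1] in NEGOTIATE:
            i += 3
        elif data[i + 1] == SB:           # subnegotiation runs until IAC SE
            end = data.find(bytes([IAC, SE]), i + 2)
            i = len(data) if end < 0 else end + 2
        else:
            i += 2                        # two-byte command such as NOP
    return bytes(out)

def readable_fraction(data: bytes) -> float:
    """Share of bytes that are printable ASCII or common whitespace."""
    ok = sum(1 for b in data if 0x20 <= b <= 0x7E or b in (0x09, 0x0A, 0x0D))
    return ok / len(data) if data else 0.0

def audit_stream(stream: bytes) -> dict:
    """Classify a stream by its content (not its port) and score readability."""
    if stream.startswith(b"SSH-"):        # version banner is sent in the clear
        proto, body = "ssh", stream.partition(b"\n")[2]
    elif stream[:1] == bytes([IAC]):      # assumes the server opens with negotiation
        proto, body = "telnet", strip_telnet_negotiation(stream)
    elif stream.startswith(HTTP_METHODS):
        proto, body = "http", stream
    else:
        proto, body = "unknown", stream
    frac = readable_fraction(body)
    return {"proto": proto, "readable": round(frac, 2),
            "cleartext": frac > 0.9,
            "login_prompt_exposed": frac > 0.9 and b"assword:" in body}

# Constructed samples, not captures from any real host.
TELNET = bytes([IAC, 0xFD, 0x18, IAC, 0xFB, 0x01]) + b"login: chris\r\nPassword: \r\n$ "
SSH = b"SSH-2.0-OpenSSH_9.6\r\n" + b"".join(
    hashlib.sha256(bytes([n])).digest() for n in range(3))
HTTP = b"GET /admin HTTP/1.1\r\nHost: db.lan\r\nAuthorization: Basic <placeholder>\r\n\r\n"

REPORT = {n: audit_stream(s) for n, s in (("telnet", TELNET), ("ssh", SSH), ("http", HTTP))}
```

Run over reassembled streams from a LAN capture, a report like this shows which management sessions still expose prompts and commands to every hop and are candidates for moving to SSH.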