[ale] how do I get graphical remote access to my linux machine

Ron Frazier (ALE) atllinuxenthinfo at techstarship.com
Sat May 4 13:01:13 EDT 2013 

On 5/4/2013 3:46 AM, Alex Carver wrote:
> On 5/3/2013 23:49, Ron Frazier (ALE) wrote:
>> On 5/4/2013 2:13 AM, Alex Carver wrote:
>>> On 5/3/2013 22:53, Ron Frazier (ALE) wrote:
>>> The linux machine is within my
>>>> firewall at home, so I don't need super strong security.  A simple 
>>>> login
>>>> username and password is sufficient.
>>> [...]
>>>> NX has a
>>>> graphical administration option, but it appears to depend on having
>>>> apache installed.  I don't want to do that.  The fewer server 
>>>> processes
>>>> I have running, the better it is for security.  Both client and server
>>>> will be on the same wifi router using wpa encryption.
>>>
>>> So which is it?  Don't need super strong security or need better
>>> security?
>>>
>>
>> Hi Alex,
>>
>> I prefer not to be running any server processes other than the remote
>> access server (if possible) so I don't have to worry about the
>> configuration of too many things, particularly if I decide to access it
>> from outside the house at some point.  I prefer the data to be encrypted
>> between the client and server.  For the moment, simple user name and
>> password authentication is adequate.  If I decide to access it from
>> outside the house, I would use more secure user name and password and /
>> or possibly add a second factor authentication.
>
> Or you avoid that headache and just use an SSH tunnel and/or VPN for 
> any outside access.  There's no reason that you would need to (or 
> should) expose your machines directly to the outside for services that 
> only you use.  For my private services I have five web servers, three 
> remote desktop services, three IP cameras, two temperature sensors, 
> two disk arrays and a printer on my internal network.  All of them are 
> accessible from anywhere *provided* I first log into my internal 
> network and establish an SSH tunnel.  The only thing exposed to the 
> world (not including any intentionally public services) is the SSH 
> server otherwise the firewall is just a giant black hole.  Everything 
> that isn't the one SSH port or an intentional public service is blocked.
>
> I don't even have to mess with the firewall when I add a new private 
> service.  I just add a new tunnel to my SSH client.  Security is 
> handled by PKI with long keys and long pass phrases.  If I really 
> wanted to go all out I'd add port knocking to the router and make the 
> open ports even more obscure.
>
> The point I'm making is that you contradict yourself.  Either you're 
> not worried about security or you are.  If you are then plan for and 
> set up the security now especially if you intend any form of remote 
> access. You'll save yourself the headache later if you find that your 
> initial solution can't be secured properly.  If I am building a house 
> and think I may want to add an additional story in the future, I need 
> to lay the foundation properly to ensure it can support the added load 
> later.  If I don't bother to do that I will be wasting a lot more time 
> and effort later when I have to strengthen a weaker footer to add that 
> extra story.
>

Hi Alex,

I see your point.  I guess I'll set it up from the start with the 
possibility of external access.  That way, I'll be good regardless.

Sincerely,

Ron


-- 

(PS - If you email me and don't get a quick response, you might want to
call on the phone.  I get about 300 emails per day from alternate energy
mailing lists and such.  I don't always see new email messages very quickly.)

Ron Frazier
770-205-9422 (O)   Leave a message.
linuxdude AT techstarship.com
Litecoin: LZzAJu9rZEWzALxDhAHnWLRvybVAVgwTh3
Bitcoin: 15s3aLVsxm8EuQvT8gUDw3RWqvuY9hPGUU

More information about the Ale mailing list