Re: Remote Desktop directly to another computer on the network
- From: auser <auser@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 10 Mar 2006 14:22:26 -0800
I don't understand why this discussion is traveling down the road of "which
is the most secure way?" You win, a 2048 bit key pair is more secure.
Let's say I have 2 bit encryption on my rdp stream (which I don't and you
aren't going to crack the encryption on rdp).
1: you would have to know my ip address.
2: you would have to know my port that I have open because I don't use the
default port... which means you would have to scan all 65536 ports to figure
out which port I use (assuming you knew my ip, because you wouldn't be
scanning 65536 ports of a subnet)
3. now you have my port and ip.. well, you're not guessing my password on
rdp.. no matter how hard you try.
4. so now, you have to place a sniffer between my client and home rdp server
(assuming you knew when I was going to be on, and that my dynamic ip address
didn't change while you were waiting) just to maybe crack my password and/or
view my video stream. And the complexity of that, just because of logistical
reasons (disconnects, dropped packets, etc) would be another factor.
So, I wonder what the chances of all those events syncing up are? about the
same chance of me cracking that 2048 bit key I would think... lol
Now, you might even say that just seeing the open port (assuming all those
events came into play) would be enough for a DOS attack. Well, so would me
seeing your ssh port. Your router would suffer from the DOS attack most
likely long before the PC. And there is no reason for me to believe that ssh
will suffer less from a DOS attack than RDP. SSH has its own problems (and if
you'd like me to point them out, I would be happy to give the references).
Also, when you go to someone's house, do you have that key with you? Do you
download it from somewhere? Well, all I need is my lowly little password.
When I have a multibillion company I will use the key pair, but for now I
say I get more convenience than someone using an SSH tunnel with a key pair.
Like I said earlier.. both ways have their advantages.
"Sooner Al [MVP]" wrote:
Another reason I like SSH (or VPN if it floats your boat as they say) is for
simple secure file transfers. I generally use a free SFTP client called
WinSCP for that to access my home SSH server. No need to even call up RDP
just to transfer files. If you have the bucks WebDrive is nice because you
can actually map a remote folder through the SSH tunnel. I do that, ie. use
WebDrive, with a persistent SSH tunnel to my brother's SSH server. He has a
static business class IP/account with his cable ISP. It's great for file
transfers, ie. he puts a file in the common folder and I can grab it or vice
versa...
The other positive, at least in my mind, with a SSH link is the use of
private/public key pairs (I use a 2048-bit RSA key pair) for authentication
versus a password (strong or otherwise). The remote party must have the
private key that matches the server's public key or the connection is not
made period. The keys are further protected by a strong pass phrase. In my
setup, and my brother's, password authentication is strictly prohibited and
disabled. So the SSH link is encrypted from the get-go and the remote user
can only logon to the SSH server with a valid private key and strong pass
phrase. I like that...
Anyway, we all have our preferred methods and opinions. The discussion is
good...
Later...
--
Al Jarvi (MS-MVP Windows Networking)
Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...
"auser" <auser@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:5166A126-6344-4F4C-98F2-5D50CA2A459B@xxxxxxxxxxxxxxxx
I am not really disagreeing with you... each has its own advantages.. but
when that 486 crashes... you'll think to yourself... maybe multiple ips
aren't such a bad idea... lol
"Peter" wrote:
if you are using encryption in rdp 5.1 or higher, you will not be able to
view the stream. You would be no more likely to crack the encryption than you
would be to crack ssl encryption.. or ssh for that matter.
That is exactly my point.
VPN gives you only that advantage, that you do not have to manage your
router forwarding ports, when you add more remote PCs.
And you do not have to remember which PC uses which port.
But on the other hand, you have to maintain a VPN server, as you have
pointed it out.
(I actually do it VPN way. My VPN server is running on old 486 Linux PC,
very low maintenance)