VNC and SCO open server

Status
Not open for further replies.

lorel

MIS
Jun 15, 2004
158
All our clients are running SCO UNIX. Up to now we have been connecting to them via a modem attached to the server; this is getting more and more difficult to do. Sometimes the modem is off, other times the client uses the modem line for his fax line, etc.
We have the need to connect to our client UNIX server directly via the Internet, perhaps using something called VNC. We DO NOT have the need to go into the X windows of the UNIX server; we would prefer to go to the UNIX shell directly. Is there any product, free or fee based, that will do what we want?

Thanks in advance

Joe
 
Secure Shell (SSH) would be the logical and free choice I think.

VNC is not ideal (unless you get certain enterprise versions I think) because it doesn't encrypt the authentication or data. You can use it over an SSH tunnel anyway if you need to, but it sounds like VNC is unnecessary in your case since you don't need X.

Try and use an up-to-date version to reduce the chance of known vulnerabilities, and consider running it on a non-standard port so it's less likely to be hammered by potential intruders. Perhaps also restrict connectivity to a certain range of source IP addresses (if you can safely predict what they are likely to be).

Annihilannic.
 
On an earlier setup, a customer built up a Linux firewall between the net and his server. Limited the incoming stuff and routed it out to the Unix box, pretty much like the internet appliances do currently.

Ed Fair
Give the wrong symptoms, get the wrong solutions.
 
SSH would be the way to go, but a properly set up SSH will require a properly set up firewall, and a lot of our clients do not think that they need to buy a firewall.
We explain to them that it is for their own benefit and, in addition, it is required by the HIPAA law that they all fall under.
It is a losing battle with the clients, and finally we limit ourselves to strongly recommending it, but we cannot force them to buy the firewall.
Those clients that do have the firewall usually are resistant to giving us access via SSH.
When someone told me about VNC I decided to do some research. We do not need or even want access to the X window; everything we do is done at the shell level.

What we are looking for is something like LogMeIn or pcAnywhere for UNIX. It will have to be secure and easy to install via a batch file.

Is there anything that I could use?

Thanks

Joe
 
LogMeIn (Hamachi?) is basically a Virtual Private Network (VPN). So if you can identify any VPN software for SCO then that would probably serve your needs.

Why your clients would feel any more or less comfortable about that than SSH is beyond me though?

Annihilannic.
 
I agree with others that using SSH through their firewall (to a non-standard port) and limiting the firewall opening to your WAN IP is a great option. For others, you can get your own account at WebEx (or similar) and take over one of their PC workstations when you want to connect. It's better than nothing. Modem and SSH have a huge advantage (to them) because you don't have to kick somebody out of the chair as you are doing your work. Earlier versions of SCO don't support SSH without some additional downloads and are temperamental.

"Proof that there is intelligent life in Oregon. Well, Life anyway."
 
Or, rather than WebEx, just put winVNC on one of their PCs (it's free), port forward their router (I assume they have one) using some unique port number (the default is 5900), and use it (PC) as the connection point. From there, you can telnet to the SCO box to get to the command prompt.

If the client won't spring for an SSH connection or even a VPN type of tunnel, this might be the only way for you to connect. For those security minded clients, you can set winVNC to be started manually by someone at their site, which gives them the peace of mind that you are not in their machine(s) without them knowing it. The only problem is they have to give up the use of that machine while you are logged in .... usually doesn't cause too much of an issue unless you're going to be on there all day.


 
SSH is definitely the way to go on SCO. All my SCO and Linux clients use it, unless they have a corporate grade managed firewall and provide VPN software for it (like Cisco's VPN client).

We've never had a client's SCO system hacked (knock wood) in the past 5 years after we kicked out modems and went to SSH. Many of them are also subject to HIPAA rules.

You can have the non-router clients use simple firewall/routers from D-link, Netgear or linksys for around $100 or less.

Then, using PDF manuals from the manufacturer, walk them through setting up remote admin, then log in to the firewall and set up a rule to forward a random 5 digit port # from the WAN side to the SCO's IP.

Then change the SCO sshd config file to listen on the same port and there you are.

After it's all working, make sure *all* other incoming ports are turned off, then turn off remote admin and enjoy a modem-less support future.





----------------------------------------------------------------
Pat Welch, UBB Computer Services, a WCS Affiliate
SCO Authorized Partner
Microlite BackupEdge Certified Reseller
Unix/Linux/Windows/Hardware Sales/Support
(209) 745-1401 Cell: (209) 251-9120
E-mail: patubb@inreach.com
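
Added example, not part of any post in this thread: a shell check of the sshd side of the setup the replies describe (sshd listening only on the non-standard port the router forwards, and logins tied to a known source address). The port 40222, the user `support` and the address 203.0.113.10 are constructed values, and using `AllowUsers user@host` for the source restriction is an assumption of this example.

```shell
#!/bin/sh
# Audit an sshd_config read from stdin against the forwarded WAN port.
# usage: audit_sshd_config FORWARDED_PORT < sshd_config
# Prints one FINDING line per problem; exit status 0 = consistent, 1 = findings.
audit_sshd_config() {
    awk -v fwd="$1" '
        function report(msg) { print "FINDING: " msg; n++ }
        /^[ \t]*#/ || NF < 2 { next }          # skip comments and empty lines
        { key = tolower($1) }                  # sshd keywords are case-insensitive
        key == "port"       { ports[$2] = 1; nports++ }   # Port may repeat
        key == "allowusers" { for (i = 2; i <= NF; i++) users[++nusers] = $i }
        END {
            if (nports == 0) ports[22] = 1     # sshd default when Port is absent
            for (p in ports) {
                if (p == 22)  report("sshd listens on the default port 22")
                if (p != fwd) report("sshd port " p " is not the forwarded port " fwd)
            }
            if (nusers == 0)
                report("no AllowUsers line: logins are not tied to a source address")
            for (i = 1; i <= nusers; i++)
                if (users[i] !~ /@/)
                    report("AllowUsers entry " users[i] " has no @source pattern")
            exit (n > 0)
        }
    '
}

# Constructed sample: sshd moved to the forwarded port, login limited to one source.
sample_hardened() {
    cat <<'EOF'
# sshd_config (constructed sample)
Port 40222
AllowUsers support@203.0.113.10
EOF
}

# Constructed sample: stock port, account reachable from any address.
sample_default() {
    cat <<'EOF'
#Port 22
AllowUsers support
EOF
}

sample_hardened | audit_sshd_config 40222 && echo "hardened sample: consistent"
sample_default  | audit_sshd_config 40222 || echo "default sample: see findings above"
```

The check covers only the sshd configuration; the router rule that forwards the port and closes every other incoming port still has to be verified on the router itself.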
 