Good idea? Bad idea? Better solution?

[VaeVictis]

so i find myself wondering occasionally why i never set up ssh to my computers at home.... just need to head on into my cheap little router and set up port forwarding for port 22, i use cygwin for ssh server and client while im home but i gotta be on my network...

ssh'ing directly into my desktop seems... eh... i dont like port forwarded to my desktop... so i was thinking maybe a minimal low power machine with public/private keys set up for my laptop to ssh in remotely, forward the ports to that... have nothing running on it that could really open me up to be compromised, just a minimal debian box running sshd, and then ssh from that to the different computers on my lan...

[reaper]

What do you want to connect to?  If it's Windows you're probably better off using one of those gotomypc things.  But if you want to do things a little different you could:

run a VM with Linux (cygwin is kinda frustrating imo)
setup key based authentiation (put the private key on your client, and your public key in a configuration file, then turn off password based logins once it's working)
to connect remotely, give yourself a static address on your LAN, or  a DHCP reservation, and translate destination port 22 from the public IP to the private IP at the router

you could then setup tunneling, so in your browser you put SOCKS localhost 85, and in the SSH client, you say 127.0.0.1:85 goes to your SSH server port 85.  what happens is the SSH service itself containers a SOCKS proxy, so traffic goes encrypted to your home computer, then the proxy server forwards the request.

you could also use the x-protocols, which are the *nix display protocols.  if you run an x-server on windows like x-ming, and put "localhost:0" in your SSH client, then when you type a program name on your shell via SSH, you see the graphical display of the program..  this is kind of like what FreeNX server does with Gnome or similar desktops.

[VaeVictis]

i know how to set up ssh -.- and cygwin isnt even frustrating in the slightest... just not polished like a real linux distro

[reaper]

well the reason you're setting up another machine is totally pointless. your best bet is to use a supported OS, and type or schedule something like "yum update, or apt-get update" so the ssh service is udpated, or just update the ssh service on your windows box.  you are dealing with imagary problems imo.

[VaeVictis]

well a low powered machine can go 100% uptime and keep an ssh connectivity into my network where i could connect into any one of the numerous computers i use at home, where as if i just forwarded ssh connections to my desktop for cygwin or debian to receive with sshd my desktop with higher end hardware will have to have uptime when im not home which seems like a waste

up to date software isnt any issue, and btw apt-get update doesnt update software like yum update does, all it does is update your repository which followed by apt-get upgrade will upgrade any out of date packages

just wondering if the dedicated connection in machine is a good idea or bad idea or if there is a better solution... dont think my routers support sshd... hmm.... i do have an old catalyst switch i could set up for shits and giggles and set up ssh on that... though im not sure if id be able to ssh to hosts on my network from the switch, i know other ios devices ya can but hosts not so sure

[reaper]

up to date software isnt any issue, and btw apt-get update doesnt update software like yum update does, all it does is update your repository which followed by apt-get upgrade will upgrade any out of date packages

well surpsingly enough, there was an OpenSSH modification made for a major distribution that took away randomness in key generation, so yes the software being patched can matter for something like an SSH service.

the IOS probably has an SSH client, but the SSH server is the switch and isn't going to be very functional.  If you don't want to leave your PC on, you're left with another PC..

[VaeVictis]

up to date software isnt any issue, and btw apt-get update doesnt update software like yum update does, all it does is update your repository which followed by apt-get upgrade will upgrade any out of date packages

well surpsingly enough, there was an OpenSSH modification made for a major distribution that took away randomness in key generation, so yes the software being patched can matter for something like an SSH service.

the IOS probably has an SSH client, but the SSH server is the switch and isn't going to be very functional.  If you don't want to leave your PC on, you're left with another PC..

the ssh server on ios does support public/private key set up, and you can store your passwords in a pretty damn secure salted md5 and i know you can ssh to other ios devices like routers and switches... however idk if it would support an ssh session to an openssh sshd run through cygwin on a windows machine... never tried honestly, dont have many high dollar ios devices just layin around :/ maybe ill set that switch up for some fun

and my stuff is always up to date, thats why updating is no issue

[reaper]

SSH is SSH, there's verion 1 and version 2.

[VaeVictis]

SSH is SSH, there's verion 1 and version 2.

never heard of verion 1!!

and yeah, but IOS ssh seems to act a little different some times.... wondering if its some proprietary build... guess i wouldnt know til i check it out