Posted on February 27, 2006, 5:10 am
I am going to have the need to remotely manage my home PC over the
The only time I have done something like this has been with either
PCAnywhere or VNC (I prefer UltraVNC as the flavor of VNC) over a
secure virtual private network, logging into my work PC from my home
Now I will need to be on the internet using a Windows PC (2000 or XP),
and get into my home PC (another Windows 2000 or XP), and remotely
I believe I should be able to set up an OpenSSH tunnel on the internet
to use VNC (I would prefer VNC over PCAnywhere and GoToMyPC, due to
However, I was wondering if anybody has any thoughts on the security
of OpenSSH over PCAnywhere (v11.5) and GoToMyPC.
Protecting the data as seen is very important, and if the more secure
method is more costly or difficult to use, so be it.
I see that OpenSSH can use 3DES, Blowfish, AES and arcfour as
PCAnywhere uses a Symantec Cryptographic Module which is supposed to
adhere to the FIPS 140-2 Security Requirements, and uses AES, 3DES,
SHS, HMAC, and RNG.
GoToMyPC uses 128-bit AES with a Cipher Feedback Mode (CFB).
I would prefer to use the OpenSSH/VNC route, due to the cost, and the
fact that it is open source. I am a little leery of proprietary
software, as they may have their own little "back doors" into the
data, whereas I would hope enough people would have looked at the
OpenSSH code to see any vulnerabilities in security.
Any thoughts on what would be better for a Windows host - PuTTY or
Cygwin? Or would tunneling into a Linux box securely, then VNC over to
the Windows PC be easier? Would this be more secure? (It might add a
layer of security, at least)
What about the remote? Again, I guess my choices are PuTTY or Cygwin.
As I mentioned, I will be logging into my PC from the internet, which
may or may not be behind a firewall/router.
My home system is connected to TimeWarner RoadRunner via a Linksys
I'm assuming that I will also need to run some type of dynamic DNS
service, such as DynDNS, as I have a dynamic IP address. Does the use
of DynDNS cause a security risk?
Any thoughts would be greatly appreciated.
Get rid of 1st and 3rd words before at sign to reply by email
Re: Security of OpenSSH versus PCAnywhere; GoToMyPC
Lots of people are doing exactly what you are proposing. I'm one of
them. I would recommend copssh as the ssh server at home and PuTTY for
the client. I've used Cygwin for the client too but I like being able to
double click a PuTTY icon on my desktop and have it set up all my
tunnels as soon as I come in each morning. I also use Pageant to cache
my private key so I don't have to bother with passwords either.
I used SSHWindows for a while and switched to CopSSH. The former hasn't
been updated in something like a year while CopSSH is constantly being
updated. Both are based on Cygwin. I also found CopSSH easier to install
and configure and in my opinion it just works better. One annoying
problem I had with SSHWindows was opening a bash shell from the remote
and entering an invalid command. It wouldn't report an error in the
shell. Instead it put it in a dialog on the console and hung the bash
shell until I vnc'ed to the console and closed the dialog. It was a real
nuisance. With CopSSH if I enter an invalid command it just tells me and
goes right back to the shell prompt.
I use UltraVNC too and there's one quirk with it that really annoys me.
It may or may not affect you depending on whether you run XP Pro or XP
Home at home. I use XP HOME with FUS (fast user switching) enabled. It
lets you switch between users' desktops without logging off. UltraVNC
can't handle this. If a 2nd user logs in on the home computer and I try
to view/control it with uvnc, it boots them out to the login screen
without saving anything. The guys that wrote uvnc say it's a problem
with Windows and can't be fixed but I think *anything* can be fixed. And
logmein.com (mentioned later) doesn't display this behavior.
Not that I'm trying to deter you from uvnc over an ssh tunnel, but there
are a couple of other options you didn't mention. What about using the
Windows XP IPSEC VPN? I hear it's very secure. Another option if you
really prefer Open Source is OpenVPN. I used this for a while too
because it let me customize the port it runs over. My company's FW
blocks the ports used by the VPN built into XP so I couldn't use it. If
I want a VPN I have to use one with customizable ports like OpenVPN. I
stopped using it because the only thing I was using it for was to
encrypt uvnc traffic and the ssh tunnel turned out to be 2-3x faster.
Another free option is LogMeIn.com. It's like GoToMyPC except they offer
a free version. The pay version lets you do file transfers, remote
control, and a few other things. The free version is remote control
only. The downside is it's a 3rd party and you have to ask if you really
trust them. The upside is you can access your PC from any web browser.
No need to install ssh, vpn or anything else. Just point your browser
at www.logmein.com, authenticate, and you're good to go.
To reply by email remove "_nospam"
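For the setup discussed in this thread (a home SSH server reached from the internet, key logins, a tunnel to VNC), the following is an added example, not part of either post: a check of the global sshd_config settings that takes into account sshd using the first value it reads for each keyword. It assumes VNC listens on its default port 5900 on the SSH host; both sample configs are constructed.

```python
# Added example: audit the global section of an sshd_config for a home server
# that should accept key logins only and forward only to the local VNC port.
# Assumption: VNC listens on its default port 5900; sample configs are constructed.
EXPECTED = {
    "passwordauthentication": "no",
    "pubkeyauthentication": "yes",
    "permitopen": "localhost:5900",
}
# Values sshd applies when the keyword is absent from the file.
DEFAULTS = {
    "passwordauthentication": "yes",
    "pubkeyauthentication": "yes",
    "permitopen": "any",
}

def parse_global(text):
    """Return global settings; sshd uses the FIRST value it reads per keyword."""
    seen = {}
    for raw in text.splitlines():
        # Drop comments, accept "Keyword value" and "Keyword=value".
        parts = raw.split("#", 1)[0].replace("=", " ", 1).split(None, 1)
        if not parts:
            continue
        key = parts[0].lower()
        if key == "match":  # everything below is conditional, not global
            break
        seen.setdefault(key, parts[1].strip() if len(parts) > 1 else "")
    return seen

def audit(text):
    """List (keyword, effective value, wanted value) for each mismatch."""
    cfg = parse_global(text)
    return [(k, cfg.get(k, DEFAULTS[k]), want) for k, want in EXPECTED.items()
            if cfg.get(k, DEFAULTS[k]).lower() != want]

WEAK = """Port 22
PasswordAuthentication yes
PubkeyAuthentication yes
# Appended later; ignored because the keyword is already set above.
PasswordAuthentication no
"""
HARDENED = """Port 22
PasswordAuthentication no
PubkeyAuthentication yes
PermitOpen localhost:5900
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg) or "ok")
```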