[plug] Security talk

Leon Brooks leon at brooks.smileys.net
Wed Jun 14 01:56:52 WST 2000


To do a ppp-over-ssh VPN...

   pppd pty 'ssh -t user@host pppd notty'

...and add routing to taste, for (untested) example:

    route add -net $REMOTE_NETWORK $REMOTE_ADDRESS dev ppp0
    ssh user@host
    route add -net $LOCAL_NETWORK $LOCAL_ADDRESS dev ppp0

If pppd wants to authenticate, dissuade it by adding 'noauth' to the
config file (usually /etc/ppp/options). You can override this on a
per-line basis to have serial ports require authentication by creating
options.$DEVICE (eg. options.ttyS0) and putting 'auth' in that. If one
end doesn't want 'noauth' in the default config file, either that end
must be root and add 'noauth' to the appropriate pppd command, or set up
appropriate secrets in the pap-secrets file (usually
/etc/ppp/pap-secrets). You can also force specific IP addresses for each
end of the pipe by adding the addresses to the options file - man pppd
for details.

Attached is a prototype security-talk page, with links. A late addendum
is http://world.std.com/~loki/security/ which has many interesting
links.

Enjoy!

-- 
Linux will not get in the door by simply mentioning it... it must win
by proving itself superior. We have no marketing department, our sales
department is an FTP server in North Carolina and our programming
department spans seven continents. Am I getting through? -- Signal11
(/.)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.plug.org.au/pipermail/plug/attachments/20000614/fb1f261b/attachment.html>
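
An added example, not part of the original post: a small audit of the options / options.$DEVICE layout described above, reporting which serial lines would still accept an unauthenticated peer once 'noauth' is in the default file. The function names, the AUTH/OPEN/DEFAULT labels and the sample config tree are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: report which serial lines would accept an unauthenticated
# PPP peer, following the options / options.$DEVICE layout from the post.
# Function names and the AUTH/OPEN/DEFAULT labels are assumptions.

# has_opt FILE WORD: succeed if WORD is an option word outside a '#' comment.
has_opt() {
    [ -f "$1" ] || return 1
    awk -v w="$2" '{ sub(/#.*/, ""); for (i = 1; i <= NF; i++) if ($i == w) f = 1 }
                   END { exit !f }' "$1"
}

# dev_status DIR DEVICE: the per-device file overrides the default file.
# 'noauth' is tested first so a file holding both words is reported as OPEN.
dev_status() {
    for f in "$1/options.$2" "$1/options"; do
        if has_opt "$f" noauth; then echo OPEN; return 0; fi
        if has_opt "$f" auth; then echo AUTH; return 0; fi
    done
    echo DEFAULT   # neither word found: pppd's built-in default applies
}

# audit_ppp_dir DIR DEVICE...: one "device status" line each; returns 1 if any is OPEN.
audit_ppp_dir() {
    dir=$1; shift; rc=0
    for dev in "$@"; do
        s=$(dev_status "$dir" "$dev")
        echo "$dev $s"
        if [ "$s" = OPEN ]; then rc=1; fi
    done
    return "$rc"
}

# sample_dir: build a constructed config tree (not taken from a real host).
sample_dir() {
    d=$(mktemp -d) || return 1
    printf 'lock\nnoauth  # default file, as the post suggests\n' > "$d/options"
    printf '# serial line must authenticate\nauth\n' > "$d/options.ttyS0"
    echo "$d"
}

d=$(sample_dir)
audit_ppp_dir "$d" ttyS0 ttyS1 || echo "at least one line accepts unauthenticated peers"
rm -rf "$d"
```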

