security on vmware server using vmware-server-console

Support for security such as Firewalls and securing linux
Post Reply
kintaro0e
Posts: 5
Joined: 2006/07/26 06:22:48
Contact:

security on vmware server using vmware-server-console

Post by kintaro0e » 2006/07/26 07:00:27

hi guys,

is there a security issues on connecting to the vmware server using the vmware-server-console?

example:
if my vmware server is on a public network in USA and i'm in UK with a public IP and i'm using a vmware-server-console, when i connect to the server does the passowrd is encrypted going to my server?is it safe? thanks!

ixeous
Posts: 113
Joined: 2005/07/07 13:01:59

Re: security on vmware server using vmware-server-console

Post by ixeous » 2006/07/27 15:29:02

I don't know whether vmware encyrpts the data or not, but you can tunnel the connection via ssh. That's how I access the GUI for my remote machines. http://www.ssh.com/support/documentation/online/ssh/adminguide/32/Port_Forwarding.html

kintaro0e
Posts: 5
Joined: 2006/07/26 06:22:48
Contact:

Re: security on vmware server using vmware-server-console

Post by kintaro0e » 2006/07/28 02:05:01

ixeous,

thanks my problem my iptables on what entry should i add to make this tunnel. :lol:

ixeous
Posts: 113
Joined: 2005/07/07 13:01:59

Re: security on vmware server using vmware-server-console

Post by ixeous » 2006/07/28 13:32:58

On the server, you only need to allow port 22 from the client and allow the server to access the vmware port on itself. The local machine should be able to access any ports on itself. I don't know which port vmware uses, but the cocept is the same for any service on any port. For example, I use VNC which listens on port 5900, but I don't want to have VNC open to the outside world. I configure the server so that the remote machine can access port 22 and the server can access 5900 on itselft. I configure my ssh client so that whenever I connect to my remote server, it will forward any connection to port 5900 on the localhost to the server tunneled through the ssh connection. So I ssh into the server, then I use VNC and connect to localhost:5900. It connects me to the VNC running on my remote server and all of the information moving back and forth is encrypted. As long as the firewall for the server allows port 22 and the firewall for the localhost allows port 5900, I can connect. One thing to mention, you do not have to use the same port number as the service on the local machine. I could have configured it so that I connect to localhost:35827 and that would be forwarded to the remote machine.

DrAxeman
Posts: 7
Joined: 2006/07/28 04:33:02
Location: California
Contact:

Re: security on vmware server using vmware-server-console

Post by DrAxeman » 2006/08/01 21:38:42

For security sake is an important change that should be made to your /etc/ssh/sshd_config file

Change

#Protocol 2,1

to

Protocol 2

The default config allows ssh v1.X connections. This version of the ssh protocol is buggy, and full of security holes. Changing this line allows only ssh v2.

kintaro0e
Posts: 5
Joined: 2006/07/26 06:22:48
Contact:

Re: security on vmware server using vmware-server-console

Post by kintaro0e » 2006/08/03 06:33:06

hi DrAxeman,

thanks for your advice..noted on my list.. :)

arrfab
Site Admin
Posts: 875
Joined: 2005/01/03 21:30:54
Location: /country/belgium
Contact:

security on vmware server using vmware-server-console

Post by arrfab » 2006/08/03 14:12:35

kintaro0e : i think i already gave you the ssh tunneling option on #centos in a conversation we had with hughesjr, isn't it ?
/me wonders what's the benefit of duplicate questions/answers ..... :o)

Post Reply

Return to “CentOS 4 - Security Support”