Security of OpenSSH versus PCAnywhere; GoToMyPC - SSH

This is a discussion on Security of OpenSSH versus PCAnywhere; GoToMyPC - SSH ; Folks, I am going to have the need to remotely manage my home PC over the internet soon. The only time I have done something like this has been with either PCAnywhere or VNC (I prefer UltraVNC as the flavor ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: Security of OpenSSH versus PCAnywhere; GoToMyPC

  1. Security of OpenSSH versus PCAnywhere; GoToMyPC

    Folks,

    I am going to have the need to remotely manage my home PC over the
    internet soon.

    The only time I have done something like this has been with either
    PCAnywhere or VNC (I prefer UltraVNC as the flavor of VNC) over a
    secure virtual private network, logging into my work PC from my home
    PC.

    Now I will need to be on the internet using a Window PC (2000 or XP),
    and get into my home PC (another Windows 2000 or XP), and remotely
    manage it.

    I believe I should be able to set up a OpenSSH tunnel on the internet
    to use VNC (I would prefer VNC over PCAnywhere and GoToMyPC, due to
    the cost).

    However, I was wondering if anybody has any thoughts on the security
    of OpenSSH over PCAnywhere (v11.5) and GoToMyPC.

    Protecting the data as seen is very important, and if the more secure
    method is more costly or difficult to use, so be it.

    I see that OpenSSH can use 3DES, Blowfish, AES and arcfour as
    encryption algorithms.

    PCAnywhere uses a Symantec Cryptographic Module which is supposed to
    adhere to the FIPS 140-2 Security Requirements, and uses AES, 3DES,
    SHS, HMAC, and RNG.

    GoToMyPC uses 128bit AES with a Cipher Feedback Mode (CFB).

    I would prefer to use the OpenSSH/VNC route, due to the cost, and the
    fact that it is open source. I am a little leary of proprietary
    software, as they may have their own little "back doors" into the
    data, whereas I would hope enough people would have looked at the
    OpenSSH code to see any vulnerabilities in security.

    Any thoughts on what would be better for a Windows host - PuTTY or
    Cygwin? Or would tunneling into a Linux box securely, then VNC over to
    the Windows PC be easier? Would this be more secure? (It might add a
    layer of security, at least)

    What about the remote? Again, I guess my choices are PuTTY or Cygwin.

    As I mentioned, I will be logging into my PC from the internet, which
    may or may not be behind a firewall/router.

    My home system is connected to TimeWarner RoadRunner via a Linksys
    router/firewall.

    I'm assuming that I will also need to run some type of dynamic DNS
    service, such as DynDNS, as I have a dynamic IP address. Does the use
    of DynDNS cause a security risk?

    Any thoughts would be greatly appreciated.

    Sincerely,

    TheNthTraveler
    -----------------------
    Get rid of 1st and 3rd words before at sign to reply by email

  2. Re: Security of OpenSSH versus PCAnywhere; GoToMyPC

    The_nth_Traveler wrote:

    [snipped]
    > I would prefer to use the OpenSSH/VNC route, due to the cost, and the
    > fact that it is open source. I am a little leary of proprietary
    > software, as they may have their own little "back doors" into the
    > data, whereas I would hope enough people would have looked at the
    > OpenSSH code to see any vulnerabilities in security.
    >
    > Any thoughts on what would be better for a Windows host - PuTTY or
    > Cygwin? Or would tunneling into a Linux box securely, then VNC over to
    > the Windows PC be easier? Would this be more secure? (It might add a
    > layer of security, at least)
    >
    > What about the remote? Again, I guess my choices are PuTTY or Cygwin.
    >
    > As I mentioned, I will be logging into my PC from the internet, which
    > may or may not be behind a firewall/router.
    >
    > My home system is connected to TimeWarner RoadRunner via a Linksys
    > router/firewall.
    >
    > I'm assuming that I will also need to run some type of dynamic DNS
    > service, such as DynDNS, as I have a dynamic IP address. Does the use
    > of DynDNS cause a security risk?
    >
    > Any thoughts would be greatly appreciated.



    Lots of people are doing exactly what you are proposing. I'm one of
    them. I would recommend copssh as the ssh server at home and PuTTY for
    the client. I've used cygwin for the client too but I like being able to
    double click a Putty icon on my desktop and have it set up all my
    tunnels as soon as I come in each morning. I also use Pageant to cache
    my private key so I don't have to bother with passwords either.

    I used SSHWindows for a while and switched to CopSSH. The former hasn't
    been updated in something like a year while CopSSH is constantly being
    updated. Both are based on CygWin. I also found CopSSH easier to install
    and configure and in my opinion it just works better. One annoying
    problem I had with SSHWindows was opening a bash shell from the remote
    and entering an invalid command. It wouldn't report an error in the
    shell. Instead it put it in a dialog on the console and hung the bash
    shell until I vnc'ed to the console and closed the dialog. It was a real
    nuisance. With CopSSH if I enter an invalid command it just tells me and
    goes right back to the shell prompt.

    I use UltraVNC too and there's one quirk with it that really annoys me.
    It may or may not affect you depending on whether you run XP Pro or XP
    Home at home. I use XP HOME with FUS (fast user switching) enabled. It
    lets you switch between users' desktops without logging off. UltraVNC
    can't handle this. If a 2nd user logs in on the home computer and I try
    to view/control it with uvnc, it boots them out to the login screen
    without saving anything. The guys that wrote uvnc say it's a problem
    with windows and can't be fixed but I think *anything* can be fixed. And
    logmein.com (mentioned later) doesn't display this behavior.

    Not that I'm trying to deter you from uvnc over an ssh tunnel, but there
    are a couple of other options you didn't mention. What about using the
    Windows XP IPSEC VPN? I hear it's very secure. Another option if you
    really prefer Open Source is OpenVPN. I used this for a while too
    because it let me customize the port it runs over. My company's FW
    blocks the ports used by the VPN built into XP so I couldn't use it. If
    I want a VPN I have to use one with customizable ports like OpenVPN. I
    stopped using it because the only thing I was using it for was to
    encrypt uvnc traffic and the ssh tunnel turned out to be 2-3x faster.

    Another free option is LogMeIn.com. It's like GoToMyPC except they offer
    a free version. The pay version lets you do file transfers, remote
    control, and a few other things. The free version is remote control
    only. The downside is it's a 3rd party and you have to ask if you really
    trust them. The upside is you can access your PC from any web browser.
    No need to install ssh, vpn or anything else. Just point your browser
    and www.logmein.com, authenticate, and your good to go.

    HTH
    --
    To reply by email remove "_nospam"

  3. Re: Security of OpenSSH versus PCAnywhere; GoToMyPC

    Almost forgot. If your IP is dynamic, you'll need an dynamic dns service
    just like you thought. I use dyndns.org because it's free and my router
    has a built in updater for them.

+ Reply to Thread