2,411
edits
Changes
Jump to navigation
Jump to search
Line 24:
Line 24: − + − |'''Note''' − |By default, only two user names can be used to login remotely to the server: admin (to access the server console) and root (to use the Linux shell). Regular users are not permitted to login to the server itself. If you give another user the ability to login remotely to the server, you will need to access the underlying Linux operating system and manually change the user's shell.|| − |} Line 45:
Line 42: − + − |'''Note''' − |Your connection to the Internet needs to be established first before you initiate the PPTP connection. This may involve double-clicking one Dial-Up Networking icon to start your Internet connection, then double-clicking a second icon to start the PPTP connection. To shut down, disconnect your PPTP connection first, then disconnect from your ISP.|| − |} − + − |'''Warning''' − |To protect your network, the SME Server enforces the use of 128-bit encryption for PPTP connections, rather than the 40-bit encryption provided in earlier versions of Microsoft's PPTP software. If you are unable to establish a PPTP connection to your server, you should visit http://windowsupdate.microsoft.com/ and download the appropriate update. Due to the dynamic nature of Microsoft's web site, the page may appear differently depending upon the version of Windows you are using. In most cases, you will want to look or search for Virtual Private Networking or a Dial Up Networking 128-bit encryption update . You may need to install the 40-bit encryption update first, and then install the 128-bit encryption update. Note that with Microsoft's ActiveUpdate process, if you are not presented with the choice for this update, it is most likely already installed in your system.|| − |} Line 65:
Line 56: − + − |'''Warning''' − |Because ssh usage has increased to an acceptable level, telnet access has been removed from the SME Server.|| − |} Line 79:
Line 67: − + − |'''Note''' − |Depending on the architecture of your network infrastructure, the instructions for configuring the client machines on that additional network may be different than the instructions outlined in the chapter in this user guide. If you have questions regarding adding another network, you may wish to contact Contribs.org and visit the forums.|| − |} Line 91:
Line 76: − + − |'''Warning''' − |Misuse of this feature can seriously compromise the security of your network. Do not use this feature lightly, or without fully understanding the implications of your actions.|| − |}
SME Server:Documentation:Administration Manual:Chapter11 (view source)
Revision as of 23:18, 17 February 2007
, 23:18, 17 February 2007Added boxes
* Allow ssh using standard passwords - If you choose Yes (the default), users will be able to connect to the server using a standard user name and password. This may be a concern from a security point of view, in that someone wishing to break into your system could connect to your ssh server and repeatedly enter user names and passwords in an attempt to find a valid combination. A more secure way to allow ssh access is called RSA Authentication and involves the copying of an ssh key from the client to the server. This method is supported by your server, but is beyond the scope of this user guide and will eventually be covered by additional documentation on the contribs.org web site.
* Allow ssh using standard passwords - If you choose Yes (the default), users will be able to connect to the server using a standard user name and password. This may be a concern from a security point of view, in that someone wishing to break into your system could connect to your ssh server and repeatedly enter user names and passwords in an attempt to find a valid combination. A more secure way to allow ssh access is called RSA Authentication and involves the copying of an ssh key from the client to the server. This method is supported by your server, but is beyond the scope of this user guide and will eventually be covered by additional documentation on the contribs.org web site.
{| cellspacing="0" border="1"
{{DrawBoxnote|content=By default, only two user names can be used to login remotely to the server: admin (to access the server console) and root (to use the Linux shell). Regular users are not permitted to login to the server itself. If you give another user the ability to login remotely to the server, you will need to access the underlying Linux operating system and manually change the user's shell.}}
======11.1.1.1. ssh clients for Windows and Macintosh systems======
======11.1.1.1. ssh clients for Windows and Macintosh systems======
To connect using PPTP, the protocol must be installed on each remote Windows client. Typically, this is done through the Network Control Panel (you may need to have your original Windows installation CD available). After it is installed (a reboot of your Windows system may be needed), you can create new connections through the Dial-Up Networking panel by entering the external IP address of the server you wish to connect to. Once you're finished, you should be able to initiate a PPTP connection by double-clicking the appropriate icon in the Dial-Up Networking window. When you then open up your Network Neighborhood window, you should see your server workgroup listed there.
To connect using PPTP, the protocol must be installed on each remote Windows client. Typically, this is done through the Network Control Panel (you may need to have your original Windows installation CD available). After it is installed (a reboot of your Windows system may be needed), you can create new connections through the Dial-Up Networking panel by entering the external IP address of the server you wish to connect to. Once you're finished, you should be able to initiate a PPTP connection by double-clicking the appropriate icon in the Dial-Up Networking window. When you then open up your Network Neighborhood window, you should see your server workgroup listed there.
{| cellspacing="0" border="1"
{{DrawBoxNote|content=Your connection to the Internet needs to be established first before you initiate the PPTP connection. This may involve double-clicking one Dial-Up Networking icon to start your Internet connection, then double-clicking a second icon to start the PPTP connection. To shut down, disconnect your PPTP connection first, then disconnect from your ISP.}}
{| cellspacing="0" border="1"
{{DrawBoxWarning|content=To protect your network, the SME Server enforces the use of 128-bit encryption for PPTP connections, rather than the 40-bit encryption provided in earlier versions of Microsoft's PPTP software. If you are unable to establish a PPTP connection to your server, you should visit http://windowsupdate.microsoft.com/ and download the appropriate update. Due to the dynamic nature of Microsoft's web site, the page may appear differently depending upon the version of Windows you are using. In most cases, you will want to look or search for Virtual Private Networking or a Dial Up Networking 128-bit encryption update . You may need to install the 40-bit encryption update first, and then install the 128-bit encryption update. Note that with Microsoft's ActiveUpdate process, if you are not presented with the choice for this update, it is most likely already installed in your system.}}
=====11.1.3. FTP=====
=====11.1.3. FTP=====
telnet has traditionally been one of the tools used to login remotely to other systems across a network or the Internet. However, when you use telnet, all user names and passwords are transmitted without any kind of encryption, dramatically reducing the security of your server. For that reason, we strongly recommend the use of ssh as described above.
telnet has traditionally been one of the tools used to login remotely to other systems across a network or the Internet. However, when you use telnet, all user names and passwords are transmitted without any kind of encryption, dramatically reducing the security of your server. For that reason, we strongly recommend the use of ssh as described above.
{| cellspacing="0" border="1"
{{DrawBoxWarning|content=Because ssh usage has increased to an acceptable level, telnet access has been removed from the SME Server.}}
====11.2. Local networks====
====11.2. Local networks====
[[Image:Local-networks.png]]
[[Image:Local-networks.png]]
{| cellspacing="0" border="1"
{{DrawBoxNote|content=Depending on the architecture of your network infrastructure, the instructions for configuring the client machines on that additional network may be different than the instructions outlined in the chapter in this user guide. If you have questions regarding adding another network, you may wish to contact Contribs.org and visit the forums.}}
====11.3. Port forwarding====
====11.3. Port forwarding====
You can use the panel shown above to modify your firewall rules so as to open a specific port (or range of ports) on this server and forward it to another port on another host. Doing so will permit incoming traffic to directly access a private host on your LAN.
You can use the panel shown above to modify your firewall rules so as to open a specific port (or range of ports) on this server and forward it to another port on another host. Doing so will permit incoming traffic to directly access a private host on your LAN.
{| cellspacing="0" border="1"
{{DrawBoxWarning|content=Misuse of this feature can seriously compromise the security of your network. Do not use this feature lightly, or without fully understanding the implications of your actions.}}
====11.4. Proxy settings====
====11.4. Proxy settings====