I have a Red Hat server running tiger-vncserver.
This is a hardened system and security doesn't like having so many ports open for VNC users so currently we have 15 (5901-5915). We are getting more users onboarded and anticipate more users after, not sure how many though.
Is there a way to make every user have a stateful VNC connection available but share ports? From security's perspective, we would only use like port 5900 or something.
If it matters, I am using Apache Guacamole in lieu of a VNC Viewer client due to our configuration requirements.
The issue with VNC and multiple users is missing connection manager for VNC that could be able to handle user authentication and start a separate VNC server for each user.
We had similar issues with Guacamole and remote VNC session and it was possible to handle this with several scripts that we had to integrate into our solution. However, the script had to grow over time and needed to include more and more logic for all specific situations that might happen.
In the end, it turns out that installing XRDP server on a remote Linux is a much easier and quite consistent solution. It opens only one port, 3389 can manage connections and user and Guacamole work well with it, just you have to use RDP protocol.
Related
I am using a ruby on rails app which goal is to handle lockers reservations by users and be able to unlock them using a smartphone.
The rails app is hosted on heroku (free plan), and I use several raspberry pi as remote servers that control opening of lockers.
So far, it works with HTTP requests from the app to the raspberry through a free http ngrok tunnel, but this is limited to a few requests per minute, and the connection is not secure/private at all, so it is not really what I need.
What type of solution would you recommend to ensure a more secure connection between the app and remote servers with no request number limitation ? I have a few concepts in mind, but I don't understand them well enough to know what I should look into. VPN ? SSH ? Web sockets ? Should I still use heroku ?
Thanks a lot guys!
You could achieve what you want with all technologies you listed above but I think using web sockets would simplify the setup process and it also seems to be the most robust.
Have a look at this client for your Raspberries.
To get the server to work you'll need a redis instance, which heroku offers in their free plan so you can keep it there. Your server app will need to use something like ActiveCable or faye.
I want to create a feature on my web portal where a user can click a link to open a telnet session in the browser itself. I researched the Net::Telnet library for Ruby. It has information on how to set up the connection.
But what about the web UI?
How to leverage the Net::Telnet library on the rails web app.
I have Rails 4.2.0 with Apache Passenger running on a CentOS 6.6 machine.
Because telnet is a streaming/serial type protocol and users will expect that type of experience, you might want to look into websockets or streaming http. The only other option would be to do polling to keep your view updated which seems like a very bad fit for a telnet client. Definitely an interesting problem. It appears that Net::Telnet behaves like a tcp socket connection so if you can wire that up to an http stream, which seems possible, you should be able to push it to a browser UI. Sounds like a cool project. Let me know how it takes shape.
I have a website running on a Linode server, so far so good. This website has an auth system built on top of devise. Users can login, do their stuff and be happy.
For the admin area (still programming) I want to have a secure VPN connection to access the data, because the admins will have access to all kinds of information from the users. I was thinking about a direct connection between their computers to the website.
The problem is that I didn't found a way to integrate VPN in a rails application and I don't have a clue of how this works outside a rails app.
Please, I really need to get this done.
OpenVPN is a setup that needs to be done on the server, and has got nothing to do with Rails. AFAIK you cant restrict a part of the web-app to be accessible only over VPN, unless ofcourse, you have a different web-app for such admin area, bind it/run it on a different IP, which is accessible only through VPNs like these.
An ideal setup would be.
x.x.x.x:80 - Public Web-App used by Users.
y.y.y.y:MNOP - Private Secure Web-App used by Admins
VPN access to y.y.y.y network over secure SSL Tunnel using Open VPN.
Refer: https://openvpn.net/index.php/open-source/documentation/howto.html to know how to setup VPN. Or else, there are lots of tutorials out there to help you out.
I have a project to implement server client protocol in our lab. I want to explain my project as there would two or more host and one administrator. on administrator screen all the information about host computer which log in by host users would be displayed as a icons. on clicking on particular icon administrator can see the all information about system details like (log in history etc.), and administrator can access the host screen remotely or can handle mouse of host users.
thank you.
For working with sockets and client-server networking over TCP/IP, I recommend reading Beej's Guide to network Programming: http://beej.us/guide/bgnet/, free on the web.
I'm doing some page scraping for a client and need to connect to their
vpn server. So I have the vpn client running on my linux box, and this
creates a new interface, say ppp0. Now, when I run Mechanize/open-uri,
etc. I need to be able to bind specifically to this particular
interface, because the other interfaces are to the internet in general.
How do I do this?
Thanks
If what you are connecting to over the VPN isn't also available over the open internet you shouldn't have to do anything and the internal TCP/IP networking stack should sort out the correct interface automatically.