Thursday, January 27, 2005

VNC, SSH, and security paranoia

As a matter of routine since I set up my new office, I've been using ssh (secure shell) to log into my home machine from my office and vice versa. OpenSSH is a free implementation of the SSH protocol, which provides a variety of different methods to encrypt the network traffic between the client and the server to allow private transmission of data back and forth. SSH can piggyback other protocols through its tunnel, which is something I had never tried until this week. I installed TightVNC on the Windows boxes in the law firm, figuring that if they needed my help, and I was working from home, I would be able to log into the office and perform remote admin of their systems. Two nights ago, I logged in and, using X11 forwarding through SSH, was able to get the VNC viewer window to be broadcast from my office machine onto the monitor of my home machine. It took at least a minute where the console just hung, leading me to think that I'd done something wrong, when the window shot open on my screen, totally encrypted to the outside world. I was surprised to see that the encryption did not dampen the refresh rate of the screen, which isn't so great unless you're doing remote admin on a local area network.

So, fast forward to today, when I was working from home, and the attorney called me, telling me that his computer was slow. I told him I could look into it from my house. Opposite of how anyone else would react, he was none too pleased with this situation. He told me he explicitly stated he wanted no network in the office, which I had taken to mean he didn't want a server for his files or printing. So, I abandoned the pursuit and told him I wouldn't log into his machine, and that whatever his problem was, it would have to wait until Monday, when I would be in the office.

See, now I'm stumped. I can't figure out how to alleviate his fears of my being able to do these things and the potential legal liability he would face if his files were compromised. How do I explain to him that the whole transmission would be garbled and useless to anyone who wanted to spy in on us?

I decided it would be a lost cause. If he has a problem with me logging into my machine from home and vice versa, however, I'm going to have to call off the whole arrangement, as networking is a vital part of what I need to do. My sister-in-law volunteered to let me use her computer during the day if the need arises, and I might just have to take her up on that. I have the VoIP router for my office phone line. It wouldn't be that hard just to move it to her place if I needed it. 'Twould be a hassle though, since I just bought business cards with my office address on them.



