Đang chuẩn bị nút TẢI XUỐNG, xin hãy chờ
Tải xuống
Phần này thảo luận về khả năng sử dụng PPP (Point-to-Point Protocol) trên một kết nối SSH như một mạng đầy đủ chức năng riêng ảo (VPN), giải pháp. Nếu bạn nhìn vào triển khai VPN truyền thống, chẳng hạn như việc triển khai IPSec, PPP qua SSH cung cấp | Secure Remote Access 259 Figure 7.23 The results of the pcAnywhere server with SSH. Secure VPN with SSH PPP over SSH This section discusses the ability to use PPP Point-to-Point Protocol over an SSH connection as a fully functional virtual private networking VPN solution. If you look at traditional VPN implementations such as IPSec implementations PPP over SSH offers almost everything that other implementations do. For example SSH offers strong encryption with 3DES Point-to-Point PPP access and the ability to provide multiple tunnels between two different networks. Furthermore unlike other VPN solutions PPP over SSH as a VPN solution does not require a significant cost for hardware appliances or software licensing does not require significant support requirements and has the ability to adapt to your existing network without any major re-architectural requirements. The advantages just mentioned as well as many others make PPP over SSH an ideal VPN solution for many small to mid-tier types of networks. PPP over SSH does not involve port forwarding but instead uses simple PPP scripts. Figure 7.24 shows a typical PPP architecture with an SSH server. 260 Chapter 7 SSH PPP Client 72.12.8.15 Router SSH PPP Server 11.30.11.21 Figure 7.24 The SSH PPP server architecture. In the architecture shown in Figure 7.24 the SSH server is also the PPP server which is a Linux RedHat 8.0 server running OpenSSH. Furthermore the client in the example is a regular RedHat 8.0 client machine with no services installed or running. No special changes are required on the firewall except a rule that allows connections on port 22 to the SSH PPP server. Once an SSH PPP client makes that connection it will have a VPN inside the internal network. PPP Daemon on the Server First you must ensure the PPP daemon pppd is loaded and functional on your SSH server. If you are using Linux Redhat 8.0 or higher the PPP daemon should work just fine out of the box. To confirm type the following commands on the .