7 replies to this topic

[BillDozer357]

I was wondering if anyone could shed some light on the best way to configure secure access to a hosted webserver for administration (RDP, file transfers, etc.). Would running AD/NPS for PPTP(PEAP) be the way to go or are there better options?

[+BudMan]

So your hosted webserver is a member of your AD? Or is the DC in a AD?

I would just use ssh, public key auth is pretty freaking secure. And I can do anything I want via a ssh connection to that server. Without saying this is a no brainer if not using windows as your OS. A bit harder to get ssh up and running on windows box.

[BillDozer357]

BudMan, on 04 November 2012 - 13:25, said:

So your hosted webserver is a member of your AD? Or is the DC in a AD?

Sorry, I should have specified. What I had in mind was, the webserver(server 2008 r2 std) running it's own domain with nothing else as a member of that domain, running AD purely to authenticate incoming PPTP VPN connections.

I can't believe I didn't think of SSH though. That's what I get for trying to admin while running on no sleep.

Thanks, Bud.

[+BudMan]

"running AD purely to authenticate incoming PPTP VPN connections."

That is a bit overkill

[n_K]

I've got a VPN server running on server 03 R2 (Routing and Remote Access) without AD running and it works fine, local users can connect to it.

[ChuckFinley]

SSH Wouldn't work on Windows OS really.

[+BudMan]

Sure it would - couple of ways to run ssh on windows.

Here is version - not free http://www.bitvise.c...server-download for commercial, put FREE for personal.

here if free version - http://mobassh.mobatek.net/

Here is openssh port to windows
http://sshwindows.sourceforge.net/

etc.. etc.. etc.. Or just run in VM for that matter, or run it inside cygwin. Or just change to linux/bsd, if your wanting to serve up HTTP, wtf you using windows for in the first place

[BillDozer357]

BudMan, on 04 November 2012 - 15:07, said:

"running AD purely to authenticate incoming PPTP VPN connections."

That is a bit overkill

Nah.