Remote access to my machine

Hi,

I want to provide remote access to my machine (RH 8) over a broadband
connection. I'm trying to provide access to my Linux RH8 box to another
(remote) developer. I want the developer to be able to access my
development area, with read/write access, but not to be able to copy any
of the files from my machine on to his machine. Is this possible?. If
yes, could you please outline what I need to do?. I am using a Dayteck
Vigor 2000 USB modem router.


I have the done the ff so far:

1). In NAT setup menu, selected configure port redirection table
2). Set ff details:
service name :SSH
protocol: TCP
public port: 22
private ip: [ip of my linux box]
private port: 22

3) Flagged it as active and hit ok
4) Created new user and forwarded username and pwd to my colleague

I can use SSH to log onto his computer, however he can't log onto mine.
When I log onto his machine, he resolved my IP address as I was coming
on and it was a different IP address than the BT Openworld IP address
(194.72.9.34). Any one have any ideas as to what I may be doing wrong ?


MTIA

"Takeshi" <do.not.spam.me@work.com> wrote in message
news:c8kunl$qs3$1@titan.btinternet.com...
> Hi,
>
> I want to provide remote access to my machine (RH 8) over a broadband
> connection. I'm trying to provide access to my Linux RH8 box to another
> (remote) developer. I want the developer to be able to access my
> development area, with read/write access, but not to be able to copy any
> of the files from my machine on to his machine. Is this possible?. If
> yes, could you please outline what I need to do?. I am using a Dayteck
> Vigor 2000 USB modem router.

Is CVS not a bether soulutin to you problem.

Benno

No. I will use CVS as the repository, but this is essentially a
connectivity/security problem. I want the user to login on my machine
and work on code with intellectual property rights (without being able
to copy the files back onto his machine).


Benno wrote:

> "Takeshi" <do.not.spam.me@work.com> wrote in message
> news:c8kunl$qs3$1@titan.btinternet.com...
>
>>Hi,
>>
>>I want to provide remote access to my machine (RH 8) over a broadband
>>connection. I'm trying to provide access to my Linux RH8 box to another
>>(remote) developer. I want the developer to be able to access my
>>development area, with read/write access, but not to be able to copy any
>>of the files from my machine on to his machine. Is this possible?. If
>>yes, could you please outline what I need to do?. I am using a Dayteck
>>Vigor 2000 USB modem router.
>
>
> Is CVS not a bether soulutin to you problem.
>
> Benno
>
>

On Fri, 21 May 2004 13:33:44 +0000, Takeshi wrote:

> No. I will use CVS as the repository, but this is essentially a
> connectivity/security problem. I want the user to login on my machine
> and work on code with intellectual property rights (without being able
> to copy the files back onto his machine).

Isn't that impossible? I mean, if he can read the file, he can always
copy it.

--
Sandro Mangovski

Maybe I should just use VnC ?

Sandro Mangovski wrote:

> On Fri, 21 May 2004 13:33:44 +0000, Takeshi wrote:
>
>
>>No. I will use CVS as the repository, but this is essentially a
>>connectivity/security problem. I want the user to login on my machine
>>and work on code with intellectual property rights (without being able
>>to copy the files back onto his machine).
>
>
> Isn't that impossible? I mean, if he can read the file, he can always
> copy it.
>

On Fri, 21 May 2004 13:33:44 +0000, Takeshi wrote:
>I want the user to login on my machine
>and work on code with intellectual property rights (without being able
>to copy the files back onto his machine).

Sandro Mangovski <sXandro@mosxor.net> asked:
> Isn't that impossible? I mean, if he can read the file, he can always
> copy it.

Yes you're correct. If you can see something then you can copy it
(remember pencil and paper).

Takeshi <do.not.spam.me@work.com> wondered:
> Maybe I should just use VnC ?

These are all poor technical solutions to what is essentially a legal
problem. If you've got IP that you want to protect then ensure that this
is covered in your (legal) contract with your developer.

If you don't trust your developers then you shouldn't be employing them
to do IP protected work.

Chris

Have you heard of Intellectual Property Agreement? This is a job for
lawyer not security. I don't know why you think VNC is secure.
Couldn't he use screen capture program and take a snapshot of his VNC
session every 2 second while he is editing files. How is this
different than copying file? With patience, it can be done (just
scoll down the file slowly).

If it is that important to you, I would consult the legal department
of your company. How effective would he be, if he can never see the
whole file and he needs your permission to open any file? Is
babysitting part of your job description? This is one of the reason
to have a legal department.

Think about this situation. With screen logging turned on during a
terminal session. A user just type:
cat */*/*/*/*/*
He/she would be able to re-assemable any files on your file system.

Takeshi (do.not.spam.me@work.com) wrote:
: Maybe I should just use VnC ?

: Sandro Mangovski wrote:

: > On Fri, 21 May 2004 13:33:44 +0000, Takeshi wrote:
: >
: >
: >>No. I will use CVS as the repository, but this is essentially a
: >>connectivity/security problem. I want the user to login on my machine
: >>and work on code with intellectual property rights (without being able
: >>to copy the files back onto his machine).
: >
: >
: > Isn't that impossible? I mean, if he can read the file, he can always
: > copy it.

Thanks very much guys. I had a hunch that it was more of a legal issue.
But I thought I could use security to avoid involving lawyers etc. Your
feedback is much appreciated. At least now I know that it is not
technically possible.

I particularly like the "work around" suggested by Alex ;-). I must
admit I hadn't even though of that. It just goes to show you that if
someone is really determined to "steal", there probably is no stopping
them (thecnically at least). It's only the threat of a legal suit that
does the job :-).

I'll speak to my lawyers and see if they can prepare an IP document that
is equally valid in the US (I am based in UK and my developer is in the
US). BTW if any one has any experience doing this sort of thing from the
UK, or can recommend UK lawyers amiliar with this, I will be most grateful.

MTIA


Alex Yung wrote:
> Have you heard of Intellectual Property Agreement? This is a job for
> lawyer not security. I don't know why you think VNC is secure.
> Couldn't he use screen capture program and take a snapshot of his VNC
> session every 2 second while he is editing files. How is this
> different than copying file? With patience, it can be done (just
> scoll down the file slowly).
>
> If it is that important to you, I would consult the legal department
> of your company. How effective would he be, if he can never see the
> whole file and he needs your permission to open any file? Is
> babysitting part of your job description? This is one of the reason
> to have a legal department.
>
> Think about this situation. With screen logging turned on during a
> terminal session. A user just type:
> cat */*/*/*/*/*
> He/she would be able to re-assemable any files on your file system.
>
> Takeshi (do.not.spam.me@work.com) wrote:
> : Maybe I should just use VnC ?
>
> : Sandro Mangovski wrote:
>
> : > On Fri, 21 May 2004 13:33:44 +0000, Takeshi wrote:
> : >
> : >
> : >>No. I will use CVS as the repository, but this is essentially a
> : >>connectivity/security problem. I want the user to login on my machine
> : >>and work on code with intellectual property rights (without being able
> : >>to copy the files back onto his machine).
> : >
> : >
> : > Isn't that impossible? I mean, if he can read the file, he can always
> : > copy it.

Takeshi wrote:
> No. I will use CVS as the repository, but this is essentially a
> connectivity/security problem. I want the user to login on my machine
> and work on code with intellectual property rights (without being able
> to copy the files back onto his machine).

I don't see how that could be possible--the stream has to at
least go to his machine in order for him to read and "work
on" and if it does then saving it locally will be possible.

That's what the read permission will allow.

jmh

Op Fri, 21 May 2004 13:03:49 +0000 (UTC) schreef Takeshi:

> Hi,
>
> I want to provide remote access to my machine (RH 8) over a broadband
> connection. I'm trying to provide access to my Linux RH8 box to another
> (remote) developer. I want the developer to be able to access my
> development area, with read/write access, but not to be able to copy any
> of the files from my machine on to his machine. Is this possible?. If
> yes, could you please outline what I need to do?. I am using a Dayteck
> Vigor 2000 USB modem router.
>
[snip]

Have you read your own post? You want him to be able to have R/W access to
the files, but not be able to copy them? How on earth do you think this
would be possible?

Or do you mean: not be able to copy any OTHER files? (In that case: secure
your file-permissions accordingly).

Or do you have a problem connecting in the first place?

In short: be more specific for us to be able to help.

--
-----=====##### PapaBear #####=====-----
Jesus is alive, I spoke with Him this morning!
----------------------------------------------