- 08-14-2005 #1 Just Joined!
- Join Date: Apr 2003
- Posts: 50
Can you explain why OpenSSH would corrupt my Active Directory domain?
Here's the scenario. I co-admin a company which we set up on Active Directory with Roaming Profiles. The person in charge wanted a way to VPN into her desktop from her laptop. I decided on UltraVPN. I used no-ip for the dynamic IP and I was setting up tunneling through OpenSSH. Not being on the server, I set up OpenSSH and UltraVPN on a computer in the domain as a domain admin (I wasn't thinking). I wasn't planning on pushing it yet but I needed to do some work with it and I wanted to set it up so SSH would auto authenticate without having to log in through PuTTY. The person in charge is AOL in level and anything more than pushing a connect button is above her. I had to run out to Wal Mart and when I came back all hell had broken loose. The computers were logging in dog slow, some couldn't log in or get on the web at all, resources were missing, etc. It took 3 hours to get everything back up and most of the computers had to be rolled back. I deleted everything for OpenSSH and Cygwin and UltraVNC; it still didn't help. I honestly couldn't think why something installed on a local machine like that could cause the problems they did. Then I remembered the script for OpenSSH pulls out the users on the local computer or domain for login. It creates the keys you need, etc. I saw a warning about running it on a domain. Why would this cause these problems?
- 08-14-2005 #2
I can't provide you with a solution, but it is an interesting problem.
I'll be watching this thread carefully! Good luck!
- 08-16-2005 #3 Linux Newbie
- Join Date: Dec 2003
- Location: Netherlands
- Posts: 193
Problem is, you need to separate users from your Active Directory. Your Active Directory is vulnerable to this kind of thing.
Why did you put SSH on the Windows domain controller?
The first thing you need to learn is that Windows domain controllers need to work separately from other machines.
The best way is to use VNC or Remote Desktop by Microsoft.
Computers Are Like Air Conditioners... They're both useless with Windows open!
- 08-18-2005 #4 Just Joined!
- Join Date: Apr 2003
- Posts: 50
Reply
I wasn't on the domain controller; I was on a separate machine that I logged in to as a domain admin. I shouldn't have logged in as a domain admin; it was a major boo boo and I won't do that again. Although I'm wondering more about the mechanics that would cause this issue. I forgot that SSH pulls the users out of a domain if logged in on one (I assumed it would be a local machine) but I assumed the info for OpenSSH would reside strictly on the local machine and run as a service. The issue I've heard of with Remote Desktop is that it's a light client of sorts. You can only run apps (for the most part) if they reside on both machines. It's more like the remote desktop server is telling a session running on your computer what to do. Plus it's still passed in the open. I believe Terminal Service is the only encrypted remote connection MS offers and it only works on servers.
- 08-18-2005 #5 Linux Newbie
- Join Date: Dec 2003
- Location: Netherlands
- Posts: 193
Yeah, correct about Remote Desktop. It only resides on servers. Probably you need to configure OpenSSH better.
Computers Are Like Air Conditioners... They're both useless with Windows open!


