SSH and Telnet

SSH stands for Secure SHell

It looks like telnet.
It feels like telnet.
It works like telnet.

The difference between SSH and Telnet is that SSH transparently encrypts the data between the client and the server.

Why SSH?

When you telnet to a machine and, say, type your password, every keypress of your password is relayed across the Internet to our server in cleartext. This means that if some nefarious person on one of the routers through which the information passes sniffed the packets (the Internet equivalent of "tapping" a phone line), they'd suddenly know your password, letter for letter!

With SSH, the information is encrypted. So when you type your password, each letter is "scrambled" before it's sent over the Internet, and decoded at the other end. The encryption method is such that, if someone in between the servers stumbled upon the information, they'd just see jumbled noise.

As you might imagine, this increases your security significantly.

Where can I get an SSH client?

Windows 95/98/NT/2000/XP
If you're using Windows, you can download a fast, small, free ssh client (which can also do telnet) called PuTTY.

PuTTY can be downloaded directly from our web site: http://downloads.shake.org/putty.exe

There's also an excellent shareware client called SecureCRT which can be downloaded from: http://www.vandyke.com/products/securecrt/index.html

You'll find more SSH clients listed at Tucows: http://www.tucows.com

Linux
If you're using Linux, you'll probably have ssh installed already. If not, it'll certainly be available for installation with your distribution. Then, at the command line, simply type ssh -l USERNAME SERVER, replacing USERNAME with your Positive Internet username and SERVER with the Positive Internet servername. For example: ssh -l fredb muon.positive-internet.com
There are also a number of X SSH clients; see Tucows, http://www.tucows.com

Macintosh
"Nifty Telnet" is a freeware client that can handle SSH and is available from here:
http://www.lysator.liu.se/~jonasw/freeware.html
If we hear of other Macintosh SSH clients (we hear there are more) then we'll post the links.

What about FTP?

FTP shares the same sniffing problem as telnet. Because FTP remains so popular, we won't be turning it off, of course! But there is a secure alternative to FTP called scp (secure copy), and if you want the ultimate in security, use ssh and scp together as a complete replacement for telnet and FTP.

A free, basic Windows graphical interface for scp is available here:
http://www.i-tree.org/ixplorer.htm
This is a graphical front end for pscp.exe from http://www.chiark.greenend.org.uk/~sgtatham/putty/, which is already included as part of the above-mentioned iXplorer package.

Where can I learn more about SSH?

See here: http://www.uwsg.iu.edu/security/quick-ssh.html

Is there anything else I can do to improve security for the server and my web site?

Well, the first and most important thing to consider is your passwords. We automatically assign what we consider to be reasonably secure passwords. Passwords should be primarily made up of dictionary words, should include letters or other characters and should not be related to your login name or domain name. You can change your passwords on any of our servers by first using ssh to connect, then entering the command:

password

(Note that this is not the standard Unix passwd command.)

We would recommend that you assign different passwords to your MySQL database, web page logins, and your main FTP/ssh facilities. You should also ensure all your POP3 passwords are different, and do not match your main password.

If your passwords are different, you keep them secure, and you use ssh and scp regularly, you will find that security is greatly enhanced.

Sick of typing in passwords? Use keys!

Create an RSA public and private key pair as follows:

andrew@milk:~$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/andrew/.ssh/id_rsa):
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/andrew/.ssh/id_rsa.
Your public key has been saved in /home/andrew/.ssh/id_rsa.pub.
 	

Now copy the public key, usually called id_rsa.pub, into /home/username/.ssh/known_hosts. When you then ssh to milk.shake.org you will not have to enter a password, since it will use your public/private key pair to authenticate you from your workstation. PuTTY on Windows also allows this, but you will have to figure it out for yourself, as M$ Windows is not something we encourage the use of.
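
An added example, not part of the original page, of installing the public key on the server so that sshd will accept it: OpenSSH's sshd reads the keys allowed to log in to an account from ~/.ssh/authorized_keys and, with its default StrictModes setting, ignores them if that file or ~/.ssh is writable by group or others. The function name install_pubkey and its optional second argument (the home directory to install into) are assumptions made for this example.

```shell
#!/bin/sh
# install_pubkey PUBKEY_FILE [HOME_DIR]   (hypothetical helper, run on the server)
# Appends one OpenSSH public key to HOME_DIR/.ssh/authorized_keys.
install_pubkey() {
    pub=$1
    home=${2:-$HOME}
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Refuse anything that looks like a private key: only the .pub file
    # should ever leave the workstation.
    if grep -q -- '-----BEGIN' "$pub"; then
        echo "$pub looks like a private key, refusing" >&2
        return 2
    fi

    # A public key is a single line: "<type> <base64> [comment]".
    key=$(head -n 1 "$pub")
    case $key in
        "ssh-rsa AAAA"*|"ssh-ed25519 AAAA"*|ecdsa-sha2-*" AAAA"*) ;;
        *) echo "$pub is not an OpenSSH public key" >&2; return 3 ;;
    esac

    # StrictModes: keep the directory and file private to the account owner.
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 4
    auth=$home/.ssh/authorized_keys
    touch "$auth" && chmod 600 "$auth" || return 4

    # Idempotent: do not add the same key line twice.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}
```

Run it on the server after copying id_rsa.pub there (for example with scp); the private key id_rsa stays on the workstation.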

Site Contents and Design (c) Andrew Och 2002