Chapter 6. Protecting Outgoing Network Connections
In Chapter 3, we discussed how to protect your computer from unwanted incoming network connections. Now we’ll turn our attention to outgoing connections: how to contact remote machines securely on a network. If you naively telnet, ftp, rlogin, rsh, rcp, or cvs to another machine, your password gets transmitted over the network, available to any snooper passing by. [Recipe 9.19] Clearly a better alternative is needed.
Our recipes will primarily use SSH, the Secure Shell, a protocol for secure authentication and encryption of network connections. It’s an appropriate technology for many secure networking tasks. OpenSSH, a free implementation of the SSH protocol, is included in most Linux distributions, so our recipes are tailored to work with it. Its important programs and files are listed in Table 6-1.
Table 6-1. Important OpenSSH programs and files for this chapter
| Program or file | Description |
|---|---|
| Client programs | |
| ssh | Performs remote logins and remote command execution |
| scp | Copies files between computers |
| sftp | Copies files between computers with an interactive, FTP-like user interface |
| Server programs | |
| sshd | Server daemon |
| Programs for creating and using cryptographic keys | |
| ssh-keygen | Creates and modifies public and private keys |
| ssh-agent | Caches SSH private keys to avoid typing passphrases |
| ssh-add | Manipulates the key cache of ssh-agent |
| Important files and directories | |
| ~/.ssh | Directory (per user) for keys and configuration ... |