January 20, 2017

Linux Networking, Part 6: Securing Your Network - page 3

Preparing for the Worst

  • November 8, 2000
  • By William Wong

Access to a Linux PC is usually through the main console or through a remote access package such as telnet. Telnet is normally enabled for Linux installations and is useful in a secure network. It is a potential problem in an insecure environment like the Internet because the user name/password sign-on and the session communication that follows are unencrypted.

If remote access is necessary, consider using a secure shell (SSH) service. It operates like the telnet service and remote telnet client, except that the sign-on and the entire session are encrypted. SSH is a good way to access Linux remotely, but do not get rid of strong (long) passwords: both are needed for good security.
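Once SSH is in place, it is worth confirming that telnet is no longer being offered. The script below is an added example, not part of the original article; it assumes telnet is started from a classic inetd.conf or an xinetd service file, and the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether telnet is still offered by inetd or xinetd.
# Assumed formats: classic inetd.conf lines and an xinetd "service telnet" file.

# True (0) if an uncommented line whose first field is "telnet" exists.
inetd_telnet_enabled() {
    awk '/^[ \t]*#/ { next }
         $1 == "telnet" { found = 1 }
         END { exit(found ? 0 : 1) }' "$1"
}

# True (0) unless the file sets "disable = yes"; xinetd treats a service
# with no disable line as enabled.
xinetd_telnet_enabled() {
    awk '/^[ \t]*#/ { next }
         /^[ \t]*disable[ \t]*=/ {
             v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t].*$/, "", v)
             val = tolower(v)
         }
         END { exit((val == "yes") ? 1 : 0) }' "$1"
}

# Print one line per finding; exit status is the number of findings.
audit_telnet() {    # $1 = inetd.conf path, $2 = xinetd telnet file path
    findings=0
    if [ -r "$1" ] && inetd_telnet_enabled "$1"; then
        echo "FINDING: telnet enabled in $1"; findings=$((findings + 1))
    fi
    if [ -r "$2" ] && xinetd_telnet_enabled "$2"; then
        echo "FINDING: telnet enabled in $2"; findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample files (not taken from a real host).
SAMPLES=$(mktemp -d) && trap 'rm -rf "$SAMPLES"' EXIT
T='stream tcp nowait root /usr/sbin/tcpd in.telnetd'
printf '%s\n' "#ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd" \
    "telnet $T" > "$SAMPLES/inetd.weak"
printf '%s\n' "#telnet $T" > "$SAMPLES/inetd.fixed"
printf '%s\n' 'service telnet' '{' '    disable = yes' '}' > "$SAMPLES/xinetd.fixed"

audit_telnet "$SAMPLES/inetd.weak" "$SAMPLES/xinetd.fixed" || echo "findings: $?"
audit_telnet "$SAMPLES/inetd.fixed" "$SAMPLES/xinetd.fixed" && echo "telnet is off"
```

On a real host, pass the actual inetd.conf and xinetd telnet file paths to `audit_telnet` in place of the sample files.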

SSH can provide console access, and can also be used with other applications such as X Window. This allows remote graphical access over a secure, encrypted channel.

We do not go into detail about SSH installation, but in general it is a relatively simple task, especially if you can obtain RPM files for the service and client. SSH supports a number of different encryption methods. Most implementations also support digital key authentication, which is even more difficult to crack than user name/password logins.

SSH has not been bundled with most Linux distributions for licensing reasons, but it is readily available on the Internet from a number of different sources, including OpenSSH. The www.freessh.org Web site is another source of SSH information, including resources and discussions about SSH alternatives.

Commercial versions of SSH are available from a number of companies such as SSH Communications Security. Commercial versions tend to have slightly better documentation and immediate support, and they may have additional features that noncommercial versions lack, such as encryption key management. Most home installations will be best served by the free versions of SSH.

SSH clients are available for non-Linux operating systems, such as Windows. This is handy if the remote PC is not running Linux, as may be the case when using a company-provided laptop that runs Windows. Check out the Win32 Telnet/SSH client by Simon Tatham.

I highly recommend using SSH for remote management of a router and remote access of a local network.
