[lug] SSH
David Morris
lists at morris-clan.net
Tue Sep 3 13:57:33 MDT 2002
On Tue, Sep 03, 2002 at 01:00:56PM -0600, John Dollison wrote:
> I've never used SSH before, but I just finished installing it and reading as
> much of the help as I could digest.
>
> I see that various methods of authentication and encryption are supported,
> but I'm a bit confused - if I'm a first-time user and want to connect to a
> web host to upload some files to my new website, is SSH automatically
> secure, or do I first need to configure it (like generating public/private
> key pairs)?
SSH is *always* secure, you have no choice about that. You
can select, among other things, the encryption algorithm,
and the authentication algorithm.
If you do not create an RSA public/private key-pair, you
will use password authentication, which means your password
goes over the internet in plain text...which is bad if one
of your worries is packet sniffing. If you create an RSA
keypair, you put the public key off on the server you are
connecting to, then you simply have to type in passphrase
for the local private key of the pair when you connect; this
passphrase is *not* sent out over the internet, but is
simply used to decode the file used for encryption.
One of the benefits of using RSA keypairs is that you can
use ssh-agent and ssh-add (ssh-askpass if you are running X
to store the passphrase locally while you are logged in;
then you can use ssh/scp to other systems without typing in
the passphrase/password each time.
Also, it is highly recommended that you use blowfish
encryption as it is *far* faster than the default. Simply
give ssh or scp the '-c blowfish' option. I usually create
an alias to do this for me (alias ssh='ssh -c blowfish').
Have fun.
--David
More information about the LUG
mailing list