[lug] SSH

D. Stimits stimits at attbi.com
Tue Sep 3 16:44:52 MDT 2002


D. Stimits wrote:
> David Morris wrote:
> 
>> On Tue, Sep 03, 2002 at 01:00:56PM -0600, John Dollison wrote:
>>
>>> I've never used SSH before, but I just finished installing it and 
>>> reading as
>>> much of the help as I could digest.
>>>
>>> I see that various methods of authentication and encryption are 
>>> supported,
>>> but I'm a bit confused - if I'm a first-time user and want to connect 
>>> to a
>>> web host to upload some files to my new website, is SSH automatically
>>> secure, or do I first need to configure it (like generating 
>>> public/private
>>> key pairs)?
>>
>>
>>
>> SSH is *always* secure, you have no choice about that.  You
>> can select, among other things, the encryption algorithm,
>> and the authentication algorithm.
>>
> ...
> 
> [nit-picking: Unless you use keys to authenticate, and the private key 
> is not secured in some way...allowing access at some end based on 
> presence of a private key without password is bad if you allow someone 
> to get your private key...making it read-only is a first step]

I forgot, one other thing. Publicly exposed ssh ports are a big 
liability if out-of-date versions of sshd are used. Assuming Redhat, 
keep it updated:
  ftp://updates.redhat.com

D. Stimits, stimits AT attbi.com





More information about the LUG mailing list