[lug] SSH
D. Stimits
stimits at attbi.com
Tue Sep 3 16:44:52 MDT 2002
D. Stimits wrote:
> David Morris wrote:
>
>> On Tue, Sep 03, 2002 at 01:00:56PM -0600, John Dollison wrote:
>>
>>> I've never used SSH before, but I just finished installing it and
>>> reading as much of the help as I could digest.
>>>
>>> I see that various methods of authentication and encryption are
>>> supported, but I'm a bit confused - if I'm a first-time user and want
>>> to connect to a web host to upload some files to my new website, is
>>> SSH automatically secure, or do I first need to configure it (like
>>> generating public/private key pairs)?
>>
>> SSH is *always* secure, you have no choice about that. You
>> can select, among other things, the encryption algorithm,
>> and the authentication algorithm.
>>
> ...
>
> [nit-picking: Unless you use keys to authenticate, and the private key
> is not secured in some way...allowing access at some end based on
> presence of a private key without password is bad if you allow someone
> to get your private key...making it read-only is a first step]

I forgot, one other thing. Publicly exposed ssh ports are a big
liability if out-of-date versions of sshd are used. Assuming Redhat,
keep it updated:
ftp://updates.redhat.com

D. Stimits, stimits AT attbi.com