Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs


Top White Papers

More on LinuxToday


developerWorks: Connect Securely With ssh

Jul 16, 2003, 08:30 (0 Talkback[s])
(Other stories by Cameron Laird)

"Your servers should be physically isolated, all non-essential networking access should be disabled, and your only access should be through ssh or better. Live telnet, ftp, rlogin, rsh, and related services, in particular, can be excused only very, very rarely; they're simply too hazardous.

"Suppose you've done all these things. Now you're offsite--maybe demonstrating a product or thrashing out requirements with a new client or finishing up a conference that made it into your training budget. You need to tweak something back at the shop. How do you do it?

"First, be sure you should even try. Programmers and administrators are notorious for allowing themselves to be coerced into rushing work that would be better left for normal business hours and the relative calm of your own workplace. Don't victimize yourself this way. Be sure the connection you're after serves a legitimate business purpose and isn't an overreaction.

"If you're past those organizational issues, though, the answer to the connection question is "use ssh." Even if you rely, in principle, on a virtual private network (VPN) superior to ssh, I consider it prudent to set up ssh access for emergencies when you can't use your regular methods. VPNs remain a bit touchy and depend on specific hardware configurations. If the way you're 'calling home' is through a client's network, perhaps using a generic desktop, your choices are severely limited..."

Complete Story

Related Stories: