developerWorks: Connect Securely With ssh
Jul 16, 2003, 08:30
(Other stories by Cameron Laird)
"Your servers should be physically isolated, all non-essential
networking access should be disabled, and your only access should
be through ssh or better. Live telnet, ftp, rlogin, rsh, and
related services, in particular, can be excused only very, very
rarely; they're simply too hazardous.
"Suppose you've done all these things. Now you're offsite--maybe
demonstrating a product or thrashing out requirements with a new
client or finishing up a conference that made it into your training
budget. You need to tweak something back at the shop. How do you do
it?
"First, be sure you should even try. Programmers and
administrators are notorious for allowing themselves to be coerced
into rushing work that would be better left for normal business
hours and the relative calm of your own workplace. Don't victimize
yourself this way. Be sure the connection you're after serves a
legitimate business purpose and isn't an overreaction.
"If you're past those organizational issues, though, the answer
to the connection question is "use ssh." Even if you rely, in
principle, on a virtual private network (VPN) superior to ssh, I
consider it prudent to set up ssh access for emergencies when you
can't use your regular methods. VPNs remain a bit touchy and depend
on specific hardware configurations. If the way you're 'calling
home' is through a client's network, perhaps using a generic
desktop, your choices are severely limited..."