Linux Today: Linux News On Internet Time.

Net-Security.org: Using SSH

Aug 25, 2001, 22:00 (2 Talkback[s])
(Other stories by Aleksandar Stancin)

[ Thanks to LogError for this link. ]

"SSH is a secure replacement for telnet, rlogin, other r* and ftp protocols which handle sensitive information in an unsecure manner. Telnet broadcasts sensitive information such as usernames and passwords unencrpyted whereas SSH encrypts them, so that a malicious user trying to retrieve them with a, i.e. some sniffer could have no use for them as such. Not only telnet is vulnerable to eavesdropping, many other network services behave in such unsecure manner. SSH stands for Secure Shell, and is the best solution so far for these. All those services (telnet, rlogin and such) are a menace for security of your systems, so if you're still using them, well... stop! Use SSH. Not sure nor convinced? Read on.

Imagine a situation where your network has a sniffer installed, without your knowledge, and you're using telnet (yes, I'm really trying to make you ditch that telnet service:)). You have a large network, a lot of sensitive information travels through it, many mission critical jobs depend on it. You're the admin, the entire system is in your hands, yes you have the power... So, you telnet to it, do some minor modifications, fiddle around the system and etc, and logout. Tomorrow, an almost nuclear holocaust happens, your network has been taken over. How come, you had a state of the art firewall, your system was patched regularly and had a flawless setup? Your almighty root password has been restored from the logs a sniffer caught while sniffing the network. You could have just handed your password around, just the same."

Complete Story

Related Stories: