• Choose a category
• All
• Classic-Fiction

Software packages on the Internet are often distributed with a PGP signature file that purports to guarantee the origin and purity of the software. Unfortunately, it is difficult for people who are not die-hard PGP users to validate these signatures—not because the validation process is complicated, but because true PGP security can only come from having collected a personal library of public keys from people whose identities you have directly verified. Downloading a single public key along with a signature file and software distribution is approximately as secure as downloading the distribution alone.

SSH: the secure shell

The SSH system, written by Tatu Ylönen, is a secure replacement for rlogin, rcp, and telnet. It uses cryptographic authentication to confirm a user’s identity and encrypts all communications between the two hosts. The protocol used by SSH is designed to withstand a wide variety of potential attacks. It has been well studied and is being standardized by the IETF.

Like tripwire, SSH has morphed from being a freely distributed open source project (SSH1) to being a commercial product (SSH2). As with tripwire, the free version of the software is still widely available. The wire protocol has changed, however, and the two versions are not compatible. Although SSH2 is available for download for noncommercial purposes, the license terms are quite restrictive. We recommend sticking with SSH1, which works fine.

The original release of SSH1 is available from ftp.cs.hut.fi/pub/ssh. However, this version does not appear to be under active development anymore. The OpenBSD group has picked up the source code and provided some maintenance and restructuring of the SSH1 code base, while leaving the administration and behavior largely alone. Their version is called OpenSSH and has a web page at www.openssh.com. We’d recommend the OpenSSH version over the original, but the process you must use to obtain the source code is currently so tortuous that we hardly think it’s worth the bother. Perhaps this will change in the future.

The legal status of SSH was formerly somewhat ambiguous in the United States because SSH uses an encryption system (RSA) that was patented. However, the RSA patent expired in September, 2000.

The main components of SSH are a server daemon, sshd, and two user-level commands: ssh for remote logins and scp for copying files. Other components are an ssh-keygen command that generates public key pairs and a couple of utilities that help to support secure X Windows.

sshd can authenticate user logins in several different ways. It’s up to you as the administrator to decide which of these methods are acceptable:

• Method A:If the name of the remote host that the user is logging in from is listed in ~/.rhosts, ~/.shosts, /etc/hosts.equiv, or /etc/shosts.equiv, then the user is logged in automatically without a password check. This scheme mirrors that of the old rlogin daemon and in our opinion is not acceptable for normal use.

• Method B:As a refinement of method A, sshd can also use public key cryptography to verify the identity of the remote host. For that to happen, the remote host’s public key (generated at install time) must be listed in the local host’s /etc/ssh_known_hosts file or the user’s ~/.ssh/known_hosts file. If the remote host can prove that it knows the corresponding private key (normally stored in /etc/ssh_host_key, a world-unreadable file), then the user is logged in without being asked for a password. Method B is more restrictive than method A, but we think it’s still not quite secure enough. If the security of the originating host is compromised, the local site will be compromised as well.

• Method C:sshd can use public key cryptography to establish the user’s identity. At login time, the user must have access to a copy of his or her private key file and must supply a password to decrypt it. This method is the most secure, but it’s somewhat annoying to set up. It also means that you cannot log in when traveling unless you bring a copy of your private key