Chapter 6. Protecting Outgoing Network Connections
In Chapter 3, we discussed how to protect your computer from unwanted incoming network connections. Now we’ll turn our attention to outgoing connections: how to contact remote machines securely on a network. If you naively telnet, ftp, rlogin, rsh, rcp, or cvs to another machine, your password gets transmitted over the network, available to any snooper passing by. [Recipe 9.19] Clearly a better alternative is needed.
Our recipes will primarily use SSH, the Secure Shell, a protocol for secure authentication and encryption of network connections. It’s an appropriate technology for many secure networking tasks. OpenSSH, a free implementation of the SSH protocol, is included in most Linux distributions, so our recipes are tailored to work with it. Its important programs and files are listed in Table 6-1.
Table 6-1. Important OpenSSH programs and files for this chapter
Client programs | |
ssh | Performs remote logins and remote command execution |
scp | Copies files between computers |
sftp | Copies files between computers with an interactive, FTP-like user interface |
Server programs | |
sshd | Server daemon |
Programs for creating and using cryptographic keys | |
ssh-keygen | Creates and modifies public and private keys |
ssh-agent | Caches SSH private keys to avoid typing passphrases |
ssh-add | Manipulates the key cache of ssh-agent |
Important files and directories | |
~/.ssh | Directory (per user) for keys and configuration ...