This website is no longer maintained. Its content may be obsolete. Please visit http://home.cern/ for current CERN information.
Recommendation to Use SSH at CERN

Jan Iven, Denise Heagerty, CERN Computer Security Team

Abstract

CERN recommends the use of secure shell (SSH) to replace less secure commands, such as telnet, ftp and the BSD r-commands (rsh, rlogin, rexec, rcp). This article explains how ssh improves security, the importance of installing and using ssh locally to secure your complete connection, and provides links to installation instructions for UNIX and Windows. Full information is available at http://cern.ch/security/ssh

Why use SSH?

Attackers routinely use passwords from legitimate users connecting to or from a CERN machine. These passwords are usually obtained from watching ("sniffing") the network traffic of that user. The user's account can then be used to attack other machines, both inside and outside CERN. To prevent attackers from obtaining these passwords, encryption must be used.

Secure shell (SSH) is a network protocol and tool suite to transparently encrypt network traffic. It is designed to replace telnet, ftp and the BSD r-commands (rsh, rlogin, rexec, rcp), all of which transmit passwords as cleartext and are vulnerable to connection hijacking. It offers secure port forwarding and can therefore be used to encrypt other network traffic (e.g. X11) as well.

Advice on using SSH securely

Using ssh does not automatically solve all security problems, and it has to be used correctly in order to be useful:
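As an added example (not part of the original article), one check that supports this recommendation is confirming that a host no longer offers the cleartext services SSH is meant to replace. The sketch below assumes services are started from a classic inetd.conf; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.
# Assumption: services are started from a classic inetd.conf with the layout
#   service  socket  proto  wait  user  server  [args...]
# /etc/services names for the commands the article lists:
#   telnet, ftp, shell (rsh/rcp), login (rlogin), exec (rexec).

# audit_inetd [FILE...]
# Prints "service<TAB>server" for every enabled (uncommented) entry that
# accepts cleartext logins. Reads stdin when no FILE is given.
audit_inetd() {
    awk '
        /^[ \t]*#/ || NF < 6 { next }   # commented out (disabled) or not a service entry
        $1 ~ /^(telnet|ftp|shell|login|exec)$/ { printf "%s\t%s\n", $1, $6 }
    ' "$@"
}

# Constructed sample input: ftp, telnet and rlogin are still enabled,
# rsh and rexec have been disabled by commenting them out.
sample_inetd_conf() {
    cat <<'EOF'
# /etc/inetd.conf (constructed sample)
ftp     stream  tcp  nowait  root  /usr/sbin/in.ftpd     in.ftpd -l
telnet  stream  tcp  nowait  root  /usr/sbin/in.telnetd  in.telnetd
#shell  stream  tcp  nowait  root  /usr/sbin/in.rshd     in.rshd
login   stream  tcp  nowait  root  /usr/sbin/in.rlogind  in.rlogind
 # exec stream  tcp  nowait  root  /usr/sbin/in.rexecd   in.rexecd
time    stream  tcp  nowait  root  internal
EOF
}

# count_cleartext [FILE...]
# Number of enabled cleartext services; 0 means nothing is left to disable.
count_cleartext() {
    audit_inetd "$@" | wc -l | tr -d ' '
}

# Demo on the constructed sample.
sample_inetd_conf | audit_inetd
```

On a real host the call would be `audit_inetd /etc/inetd.conf`; hosts that start services through another mechanism need an equivalent check for that mechanism.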
Installing SSH at CERN

Documentation is provided in the "SSH at CERN" web site for:

Using SSH to encrypt other applications
References
Contact

Comments and questions should be sent to Computer.Security@cern.ch
About the author(s): Jan Iven is a member of the CERN Computer Security Team, specialised in Linux and SSH. Denise Heagerty is the CERN Computer Security Officer.