1. Home
  2. Linux systems
  3. Linux security

Chapter 6. Protecting Outgoing Network Connections

In Chapter 3, we discussed how to protect your computer from unwanted incoming network connections. Now we'll turn our attention to outgoing connections: how to contact remote machines securely on a network. If you naively telnet, ftp, rlogin, rsh, rcp, or cvs to another machine, your password gets transmitted over the network, available to any snooper passing by. [Recipe 9.19] Clearly a better alternative is needed.

Our recipes will primarily use SSH, the Secure Shell, a protocol for secure authentication and encryption of network connections. It's an appropriate technology for many secure networking tasks. OpenSSH, a free implementation of the SSH protocol, is included in most Linux distributions, so our recipes are tailored to work with it. Its important programs and files are listed in Table 6-1.

Table 6-1. Important OpenSSH programs and files for this chapter

Client programs

ssh

Performs remote logins and remote command execution

scp

Copies files between computers

sftp

Copies files between computers with an interactive, FTP-like user interface

Server programs

sshd

Server daemon

Programs for creating and using cryptographic keys

ssh-keygen

Creates and modifies public and private keys

ssh-agent

Caches SSH private keys to avoid typing passphrases

ssh-add

Manipulates the key cache of ssh-agent

Important files and directories

~/.ssh

Directory (per user) for keys and configuration files

/etc/ssh

Directory (systemwide) for keys and configuration files

~/.ssh/config

Client configuration file (per user)

/etc/ssh/ssh_config

Client configuration file (systemwide)

For outgoing connections, the client program ssh initiates remote logins and invokes remote commands:

Do a remote login:
$ ssh -l remoteuser remotehost

Invoke a remote command:
$ ssh -l remoteuser remotehost uptime

and the client scp securely copies files between computers:

Copy local file to remote machine:
$ scp myfile remotehost:remotefile

Copy remote file to local machine:
$ scp remotehost:remotefile myfile

Some of our recipes might work for other implementations of SSH, such as the original SSH Secure Shell from SSH Communication Security (http://www.ssh.com). For a broader discussion see the book SSH, The Secure Shell: The Definitive Guide (O'Reilly).



    		Preface
    		Chapter 1. System Snapshots with Tripwire
    		Chapter 2. Firewalls with iptables and ipchains
    		Chapter 3. Network Access Control
    		Chapter 4. Authentication Techniques and Infrastructures
    		Chapter 5. Authorization Controls
    		Chapter 6. Protecting Outgoing Network Connections
    		Recipe 6.1 Logging into a Remote Host
    		Recipe 6.2 Invoking Remote Programs
    		Recipe 6.3 Copying Files Remotely
    		Recipe 6.4 Authenticating by Public Key (OpenSSH)
    		Recipe 6.5 Authenticating by Public Key (OpenSSH Client, SSH2 Server, OpenSSH Key)
    		Recipe 6.6 Authenticating by Public Key (OpenSSH Client, SSH2 Server, SSH2 Key)
    		Recipe 6.7 Authenticating by Public Key (SSH2 Client, OpenSSH Server)
    		Recipe 6.8 Authenticating by Trusted Host
    		Recipe 6.9 Authenticating Without a Password (Interactively)
    		Recipe 6.10 Authenticating in cron Jobs
    		Recipe 6.11 Terminating an SSH Agent on Logout
    		Recipe 6.12 Tailoring SSH per Host
    		Recipe 6.13 Changing SSH Client Defaults
    		Recipe 6.14 Tunneling Another TCP Session Through SSH
    		Recipe 6.15 Keeping Track of Passwords
    		Chapter 7. Protecting Files
    		Chapter 8. Protecting Email
    		Chapter 9. Testing and Monitoring
    		Colophon