Chapter 6. Protecting Outgoing Network Connections

In Chapter 3, we discussed how to protect your computer from unwanted incoming network connections. Now we'll turn our attention to outgoing connections: how to contact remote machines securely on a network. If you naively telnet, ftp, rlogin, rsh, rcp, or cvs to another machine, your password gets transmitted over the network, available to any snooper passing by. [Recipe 9.19] Clearly a better alternative is needed.

Our recipes will primarily use SSH, the Secure Shell, a protocol for secure authentication and encryption of network connections. It's an appropriate technology for many secure networking tasks. OpenSSH, a free implementation of the SSH protocol, is included in most Linux distributions, so our recipes are tailored to work with it. Its important programs and files are listed in Table 6-1.

Table 6-1. Important OpenSSH programs and files for this chapter

Client programs
    Performs remote logins and remote command execution
    Copies files between computers
    Copies files between computers with an interactive, FTP-like user interface

Server programs
    Server daemon

Programs for creating and using cryptographic keys
    Creates and modifies public and private keys
    Caches SSH private keys to avoid typing passphrases
    Manipulates the key cache of ssh-agent

Important files and directories
    Directory (per user) for keys and configuration files
    Directory (systemwide) for keys and configuration files
    Client configuration file (per user)
    Client configuration file (systemwide)

For outgoing connections, the client program ssh initiates remote logins and invokes remote commands:

Do a remote login:
$ ssh -l remoteuser remotehost

Invoke a remote command:
$ ssh -l remoteuser remotehost uptime

and the client scp securely copies files between computers:

Copy local file to remote machine:
$ scp myfile remotehost:remotefile

Copy remote file to local machine:
$ scp remotehost:remotefile myfile

Some of our recipes might work for other implementations of SSH, such as the original SSH Secure Shell from SSH Communications Security. For a broader discussion, see the book SSH, The Secure Shell: The Definitive Guide (O'Reilly).
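
To find where the cleartext clients named at the start of this chapter are still in use, you can audit your scripts for them. The following is an added example, not code from the book: the function name, the replacement mapping, and the sample script are all constructed for illustration.

```shell
#!/bin/sh
# audit_cleartext: read shell script text on stdin and report commands that
# send passwords in cleartext, with the OpenSSH client that replaces each.
# Output: one "LINE:TOOL:REPLACEMENT" record per finding.
audit_cleartext() {
    awk '
    BEGIN {
        # Cleartext client -> OpenSSH replacement (mapping chosen for this example).
        # cvs is omitted: whether it is cleartext depends on its access method.
        fix["telnet"] = "ssh"; fix["rlogin"] = "ssh"; fix["rsh"] = "ssh"
        fix["rcp"] = "scp";    fix["ftp"] = "sftp"
    }
    /^[ \t]*#/ { next }                      # ignore whole-line comments
    {
        # Split the line at command separators so each segment starts a command.
        n = split($0, seg, /[;|&(`]+/)
        for (i = 1; i <= n; i++) {
            m = split(seg[i], w, /[ \t]+/)
            # First non-empty word that is not a VAR=value prefix is the command.
            for (j = 1; j <= m; j++) {
                if (w[j] == "" || w[j] ~ /^[A-Za-z_][A-Za-z0-9_]*=/) continue
                cmd = w[j]
                sub(/^.*\//, "", cmd)        # /usr/bin/telnet -> telnet
                if (cmd in fix) print NR ":" cmd ":" fix[cmd]
                break
            }
        }
    }'
}

# Constructed sample script used to exercise the audit.
sample_script() {
    cat <<'EOF'
#!/bin/sh
# nightly job: telnet is mentioned only in this comment
rcp report.txt backup:/srv/reports/
uptime; rsh -l ops db1 uptime
LOAD=$(/usr/bin/rsh db2 uptime) && echo "$LOAD"
echo "use ftp here"
scp report.txt backup:/srv/reports/
EOF
}

sample_script | audit_cleartext
```

Only words in command position are reported, so tool names that appear in comments or quoted strings are not flagged; run it over a real script with audit_cleartext < yourscript.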
