Chapter 6. Protecting Outgoing Network Connections

In Chapter 3, we discussed how to protect your computer from unwanted incoming network connections. Now we'll turn our attention to outgoing connections: how to contact remote machines securely on a network. If you naively telnet, ftp, rlogin, rsh, rcp, or cvs to another machine, your password gets transmitted over the network, available to any snooper passing by. [Recipe 9.19] Clearly a better alternative is needed.

Our recipes will primarily use SSH, the Secure Shell, a protocol for secure authentication and encryption of network connections. It's an appropriate technology for many secure networking tasks. OpenSSH, a free implementation of the SSH protocol, is included in most Linux distributions, so our recipes are tailored to work with it. Its important programs and files are listed in Table 6-1.

For outgoing connections, the client program ssh initiates remote logins and invokes remote commands:

Do a remote login: $ ssh -l remoteuser remotehost Invoke a remote command: $ ssh -l remoteuser remotehost uptime

and the client scp securely copies files between computers:

Copy local file to remote machine: $ scp myfile remotehost:remotefile Copy remote file to local machine: $ scp remotehost:remotefile myfile

Some of our recipes might work for other implementations of SSH, such as the original SSH Secure Shell from SSH Communication Security (http://www.ssh.com). For a broader discussion see the book SSH, The Secure Shell: The Definitive Guide (O'Reilly).