Running Shells and Commands Remotely Using SSH

Remote Access and Security-Minded Thinking

Although Chapter 28, "Implementing Server Security and Advanced Network Configuration," goes into security details in considerably more depth, it's a good idea to start thinking about security issues now. In this chapter, you're going to configure your machine so that you can connect to it from other machines. If you can connect to it, so can anyone else, and it's time to start thinking about security. Here are some common sense guidelines that you can use when thinking about your machine's security:

• Regularly apply updates to the operating system. It is common for the Unix vendors to fix security problems and make the fixes available as downloadable updates, usually called patches.

• Do not turn on any unnecessary services. If you don't know what the service is, you probably don't need it.

• Do not turn on the telnet service. telnet transmits passwords in clear text. That is exactly what some of the crackers are looking for.

• Restrict as many of the TCP-based services as possible with xinetd's access attributes or with TCP Wrappers.

• Use secure shell (SSH) for remote logins to your machine.

It is the last item, secure shell, that we will discuss in depth in this chapter. You were first introduced to the secure shell software via slogin, in Chapter 13, "Using Common Command-Line Applications and Application Suites." In that chapter, you learned how to use slogin on your Mac OS X box to connect to outside machines as well as how to use scp and sftp. In this chapter, we will look at secure shell basic and advanced use and available clients.