Encryption I

Encrypting Remote Access with OpenSSH

In the early days of UNIX/Linux, we used a variety of tools to
establish network connections between systems. You could access the
shell prompt of a remote system using Telnet, rlogin, or rshell. You
could copy files back and forth between systems using rcp or FTP.
However, these utilities had one glaring weakness. Network services
such as Telnet, rlogin, rcp, rshell, and FTP transmit data as clear
text. Anyone running a sniffer could easily capture usernames and
passwords along with the contents of the transmissions.



For example, suppose I remotely accessed my Linux system via Telnet.
After authenticating to the remote system, I decided that I needed to
switch to root using the su command to complete several tasks. If
someone were sniffing the network wire while I was doing this, they
would be able to easily grab the following information:


• My username and password

• The root user password



This is not a good thing! The attacker would have everything he needs
to gain unfettered access to my Linux system.



To prevent this from happening, you can use the OpenSSH package to
accomplish these same management tasks using encryption. In this part
of the chapter, you will learn how to use OpenSSH. The following
topics are addressed:



• How OpenSSH works

• Configuring OpenSSH

• Tunneling traffic through SSH

• Configuring SSH to use public key authentication














LX0-104 Exam Objectives (X)