Tuesday, April 05, 2005

More on SSH/Pam

1. Client and server exchange (public) host keys.
If the client machine has never encountered
a given public key before, both SSH .... ask
the user whether to accept the untrusted key, ...
Next they use these public keys to negotiate a session
key .... As with typical SSL connections, this
initial round of key exchanging and session-key
negotiations is completely transparent to the
end user.

[linux server security oreilly page 118-119]

SSH can secure these [X POP3 LPD] and most other
TCP based services! Forwarding X applications
back to your remote console is simple. First,
on the remote host, edit /etc/ssh/sshd_config
and set X11Forwarding to yes (in OpenSSH Version
2x, the default is no). Second, open an ssh session using
the authentication method of your choice from your
local console to the remote host.

book [inside network perimeter security, sams second edition]

chapter 16 page 397 The Dangers of SSH
... be sure to use the latest software versions and to keep
current with all the patches. Also configure your SSH
servers to only permit the use of the SSH2 protocol,
instead of SSH1.

page 398. SSH Tunnels.
Port forwarding.
SSH has a powerful capability called port forwarding.
In port forwarding, an arbitrary local port is chosen and
linked by an SSH connection to a particular remote host
and remote port.
After the connection is established, the SSH client listens
for traffic on the specified local port. Any traffic that
is sent to that port is then sent through the tunnel
to the remote SSH server. This technique is known
as SSH tunneling.

[end quote]

plans
finish building 2.6 gentoo book+udev
emerge ssh ... login to ssh remotely
rc-update ssh.
what risks are associated with ssh?

[more from LINUX Server Security page 125-127]
... to control the behavior of the SSH client and server [ssh],
there are only two files to edit: ssh_config and sshd_config, respectively.

ssh_config is a global configuration file for ssh sessions
initiated from the local host.
ssh_config consists of a list of parameters, one line per parameter,
in the format:

parameter-name parameter-value1(,parameter-value2,etc.)
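
An added example, not taken from either book or from the original notes: a small Python parser for the line format above, applied to sshd_config (which uses the same format) to check the two settings these notes mention, Protocol and X11Forwarding. The sample configuration is constructed for illustration, and the sketch ignores Match blocks.

```python
import re

# Constructed sample sshd_config, not taken from a real host.
SAMPLE_CONFIG = """\
# constructed sample
Port 22
Protocol 2,1
X11Forwarding yes
PermitRootLogin no
"""


def parse_config(text):
    """Parse 'parameter-name value1(,value2,...)' lines into {name: [values]}."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        # OpenSSH accepts whitespace or '=' between the keyword and its value.
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) != 2 or not parts[1]:
            continue  # keyword with no value: nothing to audit
        name, value = parts
        values = [v.strip() for v in value.split(",") if v.strip()]
        # Keywords are case-insensitive; the first value seen for a keyword wins.
        settings.setdefault(name.lower(), values)
    return settings


def audit(text):
    """Return findings for the Protocol and X11Forwarding settings."""
    settings = parse_config(text)
    findings = []
    protocol = settings.get("protocol")
    if protocol is None:
        findings.append("Protocol not set: default depends on the OpenSSH version")
    elif protocol != ["2"]:
        findings.append("Protocol allows SSH1: set 'Protocol 2'")
    if settings.get("x11forwarding", ["no"])[0].lower() == "yes":
        findings.append("X11Forwarding is enabled: confirm it is needed")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

OpenSSH 7.4 and later no longer support SSH1 on the server, so on current hosts the Protocol finding matters only for legacy builds.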
