Pick a Free OS

Securing Linux: Part 2

Welcome back to an exciting odyssey in making your Linux box more secure.

In the previous article we dealt with various issues like BIOS security

passwords, securing your LILO prompt with a password, restricting the use

of "setuid" and "setgid" programs etc. We also dealt with common user

habits that compromise security on networks as well as some other aspects

of securing your Linux installation.

As we have mentioned earlier and repeat again, "The only secure machine is

one unplugged from the electrical point." Another point we would like to

stress upon is "Security is not a solution but a way of life."

Quotes apart, lets move on to the next leg of our journey.

A quick reminder before we begin, the words "daemons" and "services" are

interchangeable and mean the same.

Shunting out clear text passwords

We'll begin by covering a few elementary aspects of SSH, you should also

check out our more detailed article on SSH on the site.

Authentication over your local network using plain text passwords is passé.

SSH is a more secure replacement of the telnet and ftp services that you

run on your Linux server. SSH uses the public key - private key concept,

wherein the private key is generated on your machine and the public key

generated by you is distributed to those clients who would like to connect

to you remotely. Unlike telnet and ftp, SSH encrypts all the data that it

transfers over the network, hence even if someone intercepts the packets,

the information would be useless, as everything would be encrypted. This

enhances your security to a certain extent. SSH is an indispensable tool

for all those who regularly use telnet and ftp sessions either locally or

remotely to transfer data.

To install SSH you would require the following packages.





For installation of the OpenSSH and OpenSSL packages and other details

refer the previous article on OpenSSH installation at our site.

Now lets see how we can use SSH to connect to a remote machine and initiate

an encrypted telnet session.

bash# ssh -l username my.machine.com

The command to copy files to a remote machine could be done by the

following command.