Re: Setting up a secure shell server

From: Simon Burns (simon@ababa.org)
Date: 01/12/02


Date: Sat, 12 Jan 2002 10:03:33 +0000 (GMT)
From: Simon Burns <simon@ababa.org>
To: <focus-linux@securityfocus.com>


> I've done both. It's almost trivial. I'd recommend SSH.com's
> implementation because they have both the Windows and the Unix side. (Not
> that openssh won't work -- it's just that I haven't tried it.)

If you want a free SSH client for Windows, try PuTTY from
http://www.chiark.greenend.org.uk/~sgtatham/putty/

> Your users will have to generate a keypair
> on their home (Windows) machine, then put the public key in a special place
> in their home directory on your (Linux) machine.

That's not always _necessary_, although it's best practice. You can use
SSH as a drop-in replacement for telnet, and use just a password to
connect (rather than the public key auth method). If you're looking to
learn more about security, and you want to "double-lock the door" to your
system, use both kinds of authentication. Or if you tire of typing in your
password, you can use just the public key method without a password -- but
if someone manages to steal your private key you're in trouble... Depends
if your system is on the Internet or a private network.

HTH,

--
Simon Burns