Re: Is SSH worth it??

From: Jeremy Anderson (jeremy@2monkeys.org)
Date: 10/08/02


Date: Mon, 7 Oct 2002 15:01:21 -0700 (PDT)
From: Jeremy Anderson <jeremy@2monkeys.org>
To: Trevor Cushen <Trevor.Cushen@sysnet.ie>

In general, I would say, yes, it's worth it. However, here are
the questions I would be asking:

1) You mention that not many people have access to the machines. How many
is not many? What is the turnover among the people who have access? Is
key control important to you?

2) Do you foresee a situation in the future where your systems will be
accessed from the outside world, either from users at a branch office or
people working from home? ssh also allows tunneling of other protocols so
that you can run X11 apps securely from remote, or do POP-over-SSL, or
SMTP-over-SSL, etc. These can also be done with a VPN, which will secure
all your apps for external use, but VPN solutions tend to be more
expensive and complicated to set up than ssh. (This, of course, depends on
how many boxes you're securing and other things. If you have 50 or 100
servers running proprietary apps and they all need to be accessed from
remote, you'll be better off setting up a VPN).

If the answer is something like this:

"We have 10 users accessing the servers through a switched LAN. Our
employee turnover is low, and there are no plans in the next two years to
allow remote access", then no, maybe it's really not worth it.

I'm not sure why going from rsh to ssh would be a hassle. If you're in a
huge hurry, you can set up the accounts you would have logged into via rsh
with password-free keys. The security on this is lacking, but no
worse than using rsh. If you want to do it right, you can use ssh-agent
to cache the key on initial startup (i.e. at boot time), and use the
cached key for subsequent accesses.

Hope this is helpful.

Jeremy

On Mon, 7 Oct 2002, Trevor Cushen wrote:

> Hello all,
>
> Quick opinion-based question. I have a switched internal network that
> currently uses a lot of rcp with rsh authentication to move files
> about. Platforms are unix and nt (ftp on the nt side).
>
> More secure is ssh and scp for all platforms, but I have several scripts
> that would all have to be re-written and a fair bit of setting up for
> all the clients and servers involved throughout the organisation.
>
> The question is this:
>
> On an internal network that is switched (making sniffing harder) is it
> worth going to SSH and SCP??????
>
> I am aware how to set it all up but the thing is, is it worth it. Bear
> in mind also that few people have passwords to the boxes and the only
> real threat is sniffing the traffic.
>
> All opinions welcome,
> thanks
>
> Trevor Cushen
> Sysnet Ltd
>
> www.sysnet.ie
> Tel: +353 1 2983000
> Fax: +353 1 2960499
>
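
Added example, not part of the original messages: a sketch of the ssh-agent approach described in the reply above, for scripts that previously called rcp. The file locations, key name and function names are assumptions made for illustration.

```shell
#!/bin/sh
# Assumed locations; adjust to the account that runs the transfer scripts.
AGENT_ENV="${AGENT_ENV:-$HOME/.ssh/agent.env}"   # hypothetical path
KEY="${KEY:-$HOME/.ssh/id_transfer}"             # hypothetical key name

# Run once at startup by an operator: start an agent, save its environment
# for later scripts, and unlock the key (ssh-add prompts for the passphrase).
start_agent() {
    ( umask 077; ssh-agent -s > "$AGENT_ENV" ) || return 1
    load_agent_env && ssh-add "$KEY"
}

# Source the saved agent environment only if the file is ours and private.
# Sourcing a file that another user can write amounts to running their code.
load_agent_env() {
    [ -f "$AGENT_ENV" ] && [ -O "$AGENT_ENV" ] || return 1
    case "$(ls -ld "$AGENT_ENV")" in
        -rw-------*) ;;          # owner read/write only
        *) return 1 ;;
    esac
    . "$AGENT_ENV" > /dev/null
}

# Replacement for "rcp file host:path" inside an unattended script.
# BatchMode makes scp fail instead of waiting at a password prompt.
push_file() {
    load_agent_env || { echo "agent env missing or unsafe" >&2; return 1; }
    ssh-add -l > /dev/null 2>&1 || { echo "no key loaded in agent" >&2; return 1; }
    scp -q -o BatchMode=yes "$1" "$2"
}
```

The private key stays passphrase-protected on disk; only the running agent holds it unlocked, so a reboot requires someone to run `start_agent` again before transfers resume.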


