Re: DICOM on SSH?


Nico Kadel-Garcia wrote:
SpreadTooThin wrote:

Yep makes sence.. If I had thought about it for more than 30 seconds I
would have
done a man sshd.
Now.. because its medical data.. There are rules that need to be
followed.. and for whatever
reason ssh is not 'ethical'. It would appear that one needs ssl/tsl.

That rule makes *NO* sense. I can see insisting on SSL for consistency
reasons, rather than insisting that vendors support multiple encryption
protocols, and there's a whole fascinating set of laws about exporting
encryption tools in software as a "munition", making it illegal to ship to
Cuba and some other countries from the US. Can you point us to this medical
data policy or regulation? It sounds very odd indeed.


See http://medical.nema.org/dicom/2006/06_15pu.pdf
Page 24.
But ssh and sshd do support tls don't they?
Sorry but this thread seems to have lost its direction. :)


Anyhow for anonymouse data ssh should be ok. What is the method for
setting up sshd
for this application?

TIA from a newbie.

For anonymous data, for an interactive application like medical imaging
software? Why would you bother using an encrypted protocol at all?

Either way, if you want to keep things simple, it should be straghtforward
to set up SSH or SSL to use a tunneled port: that way, a port 104 client on
your local machine can be transmitted to a port 104 service on the server
over an encrypted SSH or SSL link to the server. You lose some logging that
way, but goodness knows I've done this to access expensive, licensed
software remotely.

In fact, roughly 15 years ago, I urged the use of VNC or, if necessary, VNC
over SSH to provide remote access to CT software on a very expensive server,
instead of paying $10,000 for antoerh turnkey SGI system with the very
expensive software. I think only a few researchers used it, without the
formal agreement of the department manager, but I still thought it was a
good idea.

.

Relevant Pages

  • Re: DICOM on SSH?
    ... done a man sshd. ... reason ssh is not 'ethical'. ... encryption tools in software as a "munition", making it illegal to ship to ...
    (comp.security.ssh)
  • Re: ssh with tcp_wrappers!! contd/-
    ... Thanks a lot for such a huge response, of course typing mistake, i was using DenyHost not DenyGhost; as suggested by david and others i did this, ... Login, as root, to my Linux system containing the sshd server. ... i am not willing to compile openssh package is there any way out via rpm installation. ... Then try to ssh to localhost. ...
    (RedHat)
  • Re: use ipchains to block all ports > 60,000
    ... else going on here except sshd which allows me to log in and monitor the ... Telnet not running but here's the ouput of ssh -V and sshd -V ... OK, ran that from an external box and it showed open ports 22, 80, plus ... My ISP looked for evidence of massive scans emanating from my ip address ...
    (comp.os.linux.security)
  • remote administration of upgrades
    ... server that I administer runs FreeBSD 4.8, ... have ssh access to ... don't want to fubar sshd and then not be able to ... kill only the ...
    (freebsd-questions)
  • Re: Is OpenSSH 3.5p1 secure?
    ... Do not allow root access over ssh. ... Do allow access over ssh for one and only one user. ... Here are a couple specific recommendations for you that you may wish ... Make sure your Protocol 2 RSA or DSA sshd keys are at the very ...
    (comp.security.ssh)