1) What is SSH?
SSH stands for secure shell.
It looks like telnet.
It works like telnet.
It feels like telnet.
It even smells like telnet.
The difference between SSH and Telnet is that SSH transparently encrypts the
data between the client and the server.
2) Why SSH?
When you telnet to a machine and, say, type your password, every keypress of
your password is relayed across the Internet to our server in cleartext. This
means that if some nefarious person on one of the routers through which the
information passes sniffed the packets (the Internet equivalent of "tapping"
a phoneline), then they'd suddenly know your password, letter for letter!
With SSH, the information is encrypted. So when you type your password, each
letter is "scrambled" before it's sent over the Internet, and decoded
at the other end. The encryption method is such that, if someone in between
the servers stumbled upon the information, they'd just see a jumbled noise.
As you might imagine, this increases your security significantly.
3) Where can I get an SSH client?
Windows 95/98/NT/2000/XP
If you're using Windows, you can download a fast, small, free ssh client (which
can also do telnet) called Putty. See our software page for details.
There's also an excellent shareware client called SecureCRT which can be downloaded
from: http://www.vandyke.com/products/securecrt/index.html
You'll find there's more SSH clients listed at Tucows: http://www.tucows.com
Linux
If you're using Linux, you'll probably have ssh installed already. If not, it'll
certainly be available for installation with your distribution. Then, at the
command line, simply type ssh -l USERNAME SERVER, replacing USERNAME with your
Positive Internet username and SERVER for the Positive Internet servername.
For example ssh -l fredb muon.positive-internet.com
There's also a number of X SSH clients - see Tucows, http://www.tucows.com
Macintosh
"Nifty Telnet" is a freeware client that can handle SSH and is available
from here:
http://www.lysator.liu.se/~jonasw/freeware.html
If we hear of other Macintosh SSH clients (we hear there are more) then we'll
post the links.
4) What about FTP?
FTP shares the same sniffer problems with telnet. Because FTP remains so popular,
we won't be turning it off, of course! But there is a secure version of FTP
called scp (secure copy) and if you want the ultimate in security, use ssh and
scp together for a complete replacement for telnet and FTP.
A free basic windows graphical interface for scp is available here:
http://www.i-tree.org/ixplorer.htm
This is the graphical front end for pscp.exe at http://www.chiark.greenend.org.uk/~sgtatham/putty/
and this is already included as part of the above mentioned iexplorer package.
5) Where can I learn more about SSH?
See here: http://www.uwsg.iu.edu/security/quick-ssh.html
6) Is there anything else I can do to improve security for the server and
my web site?
Well, the first and most important thing to consider is your passwords. We
automatically assign what we consider to be reasonably secure passwords. Passwords
should be primarily made up of dictionary words, should include letters or other
characters and should not be related to your login name or domain name. You
can change your passwords on any of our servers, by first using ssh to connect,
then enter the word:-
password
(Note this is not the standard unix passwd command).
We would recommend that you assign different passwords to your Mysql database,
web page logins, and your main FTP/ssh facilities. You should also ensure all
your POP3 passwords are different, and do not match your main password.
If your passwords are different, you keep them secure, you use ssh and scp
regularly, you will find that security is greatly enhanced.
If you have any further questions please mail us at support@positive-internet.com
|
