SitePoint Sponsor

User Tag List

Results 1 to 10 of 10
  1. #1
    SitePoint Enthusiast sawz's Avatar
    Join Date
    Aug 1999
    Posts
    76
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    hi everyone.

    i'm getting ready to change hosts and have read that using
    telnet and a normal ftp client (Leap Ftp) allows your login
    info to be exposed to anyone who may be listening.

    i've also read that ssh is the software to use for managing
    domains and uploading files to your server.

    is ssh really needed or am i a little paranoid.

    i went to openssh.com and downloaded the software, looks
    very intimidating.

    does anyone else use this? was it hard to set up?

    i've used normal telnet and ftp up till now. but i want
    to be secure.

  2. #2
    psycho
    Join Date
    May 2000
    Location
    London
    Posts
    283
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Telnet and FTP is fine. Don't worry about using SSH unless its for, for example, credit card number retrieval.

    J

  3. #3
    SitePoint Enthusiast
    Join Date
    Aug 2000
    Location
    Streamwood, IL
    Posts
    48
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    We use (and ask our clients to use) SSH to access our systems. It's better safe than sorry. Most people don't have anything in their domain that they couldn't simply replace if it did get hacked, but why not avoid this in the first place. We recommend SecureRT from Vandyke.com

    Good luck
    Thomas
    http://www.EZ2ba.com
    Making it "Easy To Be A Dot-Com"

  4. #4
    AdSpeed.com Son Nguyen's Avatar
    Join Date
    Aug 2000
    Location
    Silicon Valley
    Posts
    2,241
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Talking about security, I think we need to be a little paranoid!
    I using SSH (SecureRT) and really like it, it's just like normal telnet, but I feel safer and also my host only allows SSH access.
    - Son Nguyen
    AdSpeed.com - Ad Serving and Ad Management Made Easy

  5. #5
    SitePoint Enthusiast sawz's Avatar
    Join Date
    Aug 1999
    Posts
    76
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    this new host allows either way, is ssh hard to get going?
    ther whole set up looks complicated.

  6. #6
    Don't get too close, I bite! Nicky's Avatar
    Join Date
    Jul 1999
    Location
    Lancashire, UK
    Posts
    8,277
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    I use FTP and I have never had any problems. I suppose it depends though on the kind of stuff you are transferring, and whether it is of high confidentiality or not!

  7. #7
    SitePoint Enthusiast sawz's Avatar
    Join Date
    Aug 1999
    Posts
    76
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    its not that my files are 'top secret' or anything, the new host says that using standard ftp and telnet transmits your login info to anyone who may be listening.

    i really would like to keep my unix password secret..

  8. #8
    AdSpeed.com Son Nguyen's Avatar
    Join Date
    Aug 2000
    Location
    Silicon Valley
    Posts
    2,241
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Yeah, they require RSA scheme to encrypt stuff, so you will have private and public key, I think you will give your private key to the host, then when you connect, it will check public+prvate to authorize!
    Not very hard though, when everything is set up, as I said, just like telnet!
    - Son Nguyen
    AdSpeed.com - Ad Serving and Ad Management Made Easy

  9. #9
    SitePoint Enthusiast
    Join Date
    Aug 2000
    Location
    Streamwood, IL
    Posts
    48
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    does anyone know if there's a security problem with giving your ID and Password through one of those typical dialog boxes that pop up for protected directories?

    Also, is there a security problem putting the name and password on the command line like:
    http://nameassword@mywebsite.com
    Thomas
    http://www.EZ2ba.com
    Making it "Easy To Be A Dot-Com"

  10. #10
    SitePoint Zealot Tiger_Tom's Avatar
    Join Date
    Feb 2000
    Location
    U.K.
    Posts
    194
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I think the problem is to define 'listening'. I haven't heard of any specific 'exploits' whereby sessions were overheard. Hackers usually break into your server if

    1. It's not set up properly i.e. latest (or basic!) security measures not set up e.g. settings left at manufacturer supplied defaults.
    2. It's on Windows (see 1 above)
    3. By 'social engineering'.

    I am open to contradiction on this, via any concrete examples, if possible.



Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •