Using Secure Shell and Secure Copy
One way in which web developers and webmasters can further ensure secure access to and from their servers is by restricting the use of telnet and, where possible, ftp.
While ftp can be configured tightly and run under ssl for additional security, it and telnet remain weak points in server security. Alternatives are available.
For starters, by requiring the use of secure shell (ssh) as a replacement for telnet access, user sessions are encrypted and key-based rather than clear text username and password based. SSH is easily available to all platform users with terminals, terminal applications and GUI clients ready-made for Linux, Macintosh and Windows. A majority of *Nix servers have an ssh server installed by default, and telnet can be disabled safely while still ensuring access through the command line (terminal) and clients (the majority of which support both telnet and ssh).
For Windows-based servers, there are open source ssh servers available, one of the most popular being OpenSSH for Windows (formerly run under the Network Simplicity name). This installs ssh under Cygwin without the need to load a full Cygwin install on a Windows server.
An immediate benefit of using ssh is access to secure copy (scp) and secure ftp (sftp). Both of these offer an encrypted method for transferring files and are full-featured replacements for telnet and ftp.
SSH, scp and sftp can be used from the command line just as users have used telnet and ftp. Some examples are below:
'ssh domainname.com -l user' (for OS X users). If this is your first login, you are prompted to accept and generate an entry in your local known_hosts file, and provide a password, which is transferred securely. You are then able to access all of the same command line functions as in telnet.
SCP – To transfer a file or files from one system to another. For example, if I have an application to upload and install on my server, I could perform the following:
'scp application.tar.gz email@example.com:'
I am then prompted for a password, and the file is transferred to my user folder on the server. If I wanted to upload a number of RPM updates for a server, I would ensure I am in the directory where the files reside, and send the following:
'scp *.rpm firstname.lastname@example.org:'
Again, the files are transferred securely.
One additional benefit of scp is some minor added compression, which shortens the transfer time.
SFTP – Logging in is the same as ftp on the command line, and after answering a password prompt, a secure ftp session is started.
“Passwordless” sessions are available if you set up a key to handle the secure handshake between your system and the server by running ssh-keygen. A good tutorial is found at Fedora News.
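The server-side half of that key setup, as an added example that is not part of the original article: it installs one public key into authorized_keys with the permissions sshd expects and refuses anything that is not a public key line. The function names, arguments and the ed25519 key type are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original article). Server-side half of a
# key-based login: put one public key into ~/.ssh/authorized_keys safely.
# On the client the pair would come from, e.g.: ssh-keygen -t ed25519
# Function names, arguments and the key type are assumptions of this example.

# Print the permission string of a path, e.g. "drwx------".
mode_of() {
    ls -ld -- "$1" | cut -c1-10
}

# install_pubkey HOME_DIR 'PUBLIC-KEY-LINE'
install_pubkey() {
    home_dir=$1
    pubkey=$2
    ssh_dir=$home_dir/.ssh
    auth_file=$ssh_dir/authorized_keys
    nl='
'
    # Accept exactly one public-key line. A pasted private key must never
    # be sent to the server, so it is rejected explicitly.
    case $pubkey in
        *"$nl"*|*PRIVATE\ KEY*)
            echo "refusing: multi-line input or a private key" >&2; return 1 ;;
        ssh-ed25519\ ?*|ssh-rsa\ ?*|ecdsa-sha2-nistp*\ ?*) ;;
        *)
            echo "refusing: not an OpenSSH public key line" >&2; return 1 ;;
    esac

    # Create missing pieces owner-only from the start.
    old_umask=$(umask)
    umask 077
    mkdir -p "$ssh_dir" && touch "$auth_file"
    status=$?
    umask "$old_umask"
    [ "$status" -eq 0 ] || return 1

    # Tighten modes on anything that already existed: sshd's StrictModes
    # check (on by default) ignores keys in files others can write to.
    chmod 700 "$ssh_dir" && chmod 600 "$auth_file" || return 1

    # Append only if the exact line is absent, so re-runs add no duplicates.
    grep -qxF -- "$pubkey" "$auth_file" || printf '%s\n' "$pubkey" >> "$auth_file"
}
```

Run on the server as the account owner, it would be called as install_pubkey "$HOME" "contents of the .pub file"; the private half of the pair stays on the client.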
Clients are available for all platforms such as those listed below.
-Native terminal shells including Bash, CSH (C Shell) and KSH (Korn Shell)
-SSH capable tools, such as gFTP and KDE ftp tools
-Native terminal shells as on Linux
-MacSSH and MacSFTP