Unix - Secure login alternatives???
09 January 2003, 03:00 PM
#1
Scooby Regular
Thread Starter
Join Date: Sep 2001
Location: Kingston ( Surrey, not Jamaica )
Posts: 4,670
Likes: 0
Received 0 Likes
on
0 Posts
Can't go wrong with ssh .
If it's access to multiple servers then only allow access to a 'gateway' machine and tie down the i/p's allowed access to that machine over the firewall. Make sure they have their own accounts and log everything.
F-Secure or Putty if you want windoze clients.
Steve
If it's access to multiple servers then only allow access to a 'gateway' machine and tie down the i/p's allowed access to that machine over the firewall. Make sure they have their own accounts and log everything.
F-Secure or Putty if you want windoze clients.
Steve
09 January 2003, 03:42 PM
#4
Scooby Regular
Take a look at the SSH client for Windows on ssh.com, it contains a rather nice SCP client too. Don't know about licensing but it's free for personal use.
Steve.
Steve.
09 January 2003, 04:08 PM
#6
Scooby Regular
Join Date: Aug 2002
Posts: 577
Likes: 0
Received 0 Likes
on
0 Posts
You are better off going for the freeware /open source clients,
they are updated more regularly and are a lot better!
I use putty and winscp to access the boxes. All logins are done with secure certificates created on the unix boxes, so no passwords in site, just a passphrase.
In the past I've used a usb secure dongle to encrypt the area of the hard drive that the certificates are stored on. Just makes it a more secure environment.
they are updated more regularly and are a lot better!
I use putty and winscp to access the boxes. All logins are done with secure certificates created on the unix boxes, so no passwords in site, just a passphrase.
In the past I've used a usb secure dongle to encrypt the area of the hard drive that the certificates are stored on. Just makes it a more secure environment.
Trending Topics
09 January 2003, 05:51 PM
#8
Scooby Regular
Just using public key with no need for the user to enter a password or passphrase is no good for any serious security. You just shift the point of failure to the end users machine, where the public key is stored for anyone to use and gain access, if they do it from the same machine that then bypasses your firewall rules too. Always make them type something if the need for security is great.
09 January 2003, 09:19 PM
#9
Scooby Regular
Join Date: Jan 2002
Posts: 667
Likes: 0
Received 0 Likes
on
0 Posts
Obviously keys should have a passphrase, perhaps I should be more verbose. For OpenSSH at least you have to actively choose not to have a passphrase with your keys as you're prompted to enter one on creation.
01 September 2003, 02:44 PM
#13
Scooby Regular
Join Date: Oct 2000
Location: Surrey, UK
Posts: 8,384
Likes: 0
Received 0 Likes
on
0 Posts
Hi all,
We are looking at dropping Ace Server from RSA.
Now our only concern is remote users initial access to the unix systems.
SSH is going to be installed on all servers, so I guess all we need is a Windows version of SSH so that we can login in remotely via the VPN.
But what alternatives are there for secure logins to a unix system, perhaps using digital certificates?
Cheers, Alex
[Edited by DrEvil - 1/9/2003 2:45:09 PM]
We are looking at dropping Ace Server from RSA.
Now our only concern is remote users initial access to the unix systems.
SSH is going to be installed on all servers, so I guess all we need is a Windows version of SSH so that we can login in remotely via the VPN.
But what alternatives are there for secure logins to a unix system, perhaps using digital certificates?
Cheers, Alex
[Edited by DrEvil - 1/9/2003 2:45:09 PM]
Thread
Thread Starter
Forum
Replies
Last Post
Mattybr5@MB Developments
Full Cars Breaking For Spares
28
28 December 2015 11:07 PM
Mattybr5@MB Developments
Full Cars Breaking For Spares
12
18 November 2015 07:03 AM
The Joshua Tree
Computer & Technology Related
30
28 September 2015 02:43 PM