ScoobyNet.com - Subaru Enthusiast Forum

ScoobyNet.com - Subaru Enthusiast Forum (https://www.scoobynet.com/)
-   Computer & Technology Related (https://www.scoobynet.com/computer-and-technology-related-34/)
-   -   Unix - Secure login alternatives??? (https://www.scoobynet.com/computer-and-technology-related-34/165607-unix-secure-login-alternatives.html)

stevem2k 09 January 2003 03:00 PM
Can't go wrong with ssh .

If it's access to multiple servers then only allow access to a 'gateway' machine and tie down the i/p's allowed access to that machine over the firewall. Make sure they have their own accounts and log everything.

F-Secure or Putty if you want windoze clients.


Steve

DrEvil 09 January 2003 03:02 PM
Cheers Steve

DrEvil 09 January 2003 03:26 PM
Google returned Chiark's home page with PUTTY download on it as one of the first 5 links! How did you manage that Chairk!

stevencotton 09 January 2003 03:42 PM
Take a look at the SSH client for Windows on ssh.com, it contains a rather nice SCP client too. Don't know about licensing but it's free for personal use.

Steve.

DrEvil 09 January 2003 03:50 PM
Steve

Already done that one mate, www.ssh.com, forwarded details to those that need it now.

Thanks, Alex

chockymonster 09 January 2003 04:08 PM
You are better off going for the freeware /open source clients,
they are updated more regularly and are a lot better!

I use putty and winscp to access the boxes. All logins are done with secure certificates created on the unix boxes, so no passwords in site, just a passphrase.
In the past I've used a usb secure dongle to encrypt the area of the hard drive that the certificates are stored on. Just makes it a more secure environment.

Andrewza 09 January 2003 04:28 PM
Same here, OpenSSH on UNIX, configured SSHv2 only, public key only and firewall restricted. Then putty on windows, obviously configured to use public key to login.

stevencotton 09 January 2003 05:51 PM
Just using public key with no need for the user to enter a password or passphrase is no good for any serious security. You just shift the point of failure to the end users machine, where the public key is stored for anyone to use and gain access, if they do it from the same machine that then bypasses your firewall rules too. Always make them type something if the need for security is great.

Andrewza 09 January 2003 09:19 PM
Obviously keys should have a passphrase, perhaps I should be more verbose. For OpenSSH at least you have to actively choose not to have a passphrase with your keys as you're prompted to enter one on creation.

stevencotton 10 January 2003 10:27 AM
Yup, OpenSSH is a goodun :)

DrEvil 10 January 2003 10:44 AM
Thanks guys

carl 10 January 2003 11:23 AM
Any votes for Kerberized Secure Shell (ksh)?

DrEvil 01 September 2003 02:44 PM
Hi all,

We are looking at dropping Ace Server from RSA.
Now our only concern is remote users initial access to the unix systems.

SSH is going to be installed on all servers, so I guess all we need is a Windows version of SSH so that we can login in remotely via the VPN.

But what alternatives are there for secure logins to a unix system, perhaps using digital certificates?

Cheers, Alex

[Edited by DrEvil - 1/9/2003 2:45:09 PM]


All times are GMT +1. The time now is 06:35 AM.


© 2024 MH Sub I, LLC dba Internet Brands