Can't go wrong with ssh .
If it's access to multiple servers then only allow access to a 'gateway' machine and tie down the i/p's allowed access to that machine over the firewall. Make sure they have their own accounts and log everything. F-Secure or Putty if you want windoze clients. Steve |
Cheers Steve
|
Google returned Chiark's home page with PUTTY download on it as one of the first 5 links! How did you manage that Chairk!
|
Take a look at the SSH client for Windows on ssh.com, it contains a rather nice SCP client too. Don't know about licensing but it's free for personal use.
Steve. |
Steve
Already done that one mate, www.ssh.com, forwarded details to those that need it now. Thanks, Alex |
You are better off going for the freeware /open source clients,
they are updated more regularly and are a lot better! I use putty and winscp to access the boxes. All logins are done with secure certificates created on the unix boxes, so no passwords in site, just a passphrase. In the past I've used a usb secure dongle to encrypt the area of the hard drive that the certificates are stored on. Just makes it a more secure environment. |
Same here, OpenSSH on UNIX, configured SSHv2 only, public key only and firewall restricted. Then putty on windows, obviously configured to use public key to login.
|
Just using public key with no need for the user to enter a password or passphrase is no good for any serious security. You just shift the point of failure to the end users machine, where the public key is stored for anyone to use and gain access, if they do it from the same machine that then bypasses your firewall rules too. Always make them type something if the need for security is great.
|
Obviously keys should have a passphrase, perhaps I should be more verbose. For OpenSSH at least you have to actively choose not to have a passphrase with your keys as you're prompted to enter one on creation.
|
Yup, OpenSSH is a goodun :)
|
Thanks guys
|
Any votes for Kerberized Secure Shell (ksh)?
|
Hi all,
We are looking at dropping Ace Server from RSA. Now our only concern is remote users initial access to the unix systems. SSH is going to be installed on all servers, so I guess all we need is a Windows version of SSH so that we can login in remotely via the VPN. But what alternatives are there for secure logins to a unix system, perhaps using digital certificates? Cheers, Alex [Edited by DrEvil - 1/9/2003 2:45:09 PM] |
All times are GMT +1. The time now is 06:35 AM. |
© 2024 MH Sub I, LLC dba Internet Brands