Securities Software (Network Services). Linux OpenSSH Client/Server
Overview
As illustrated in Chapter 2, “Installation of your Linux Server”, many network services including, but not limited to, telnet, rsh, rlogin, or rexec are vulnerable to electronic eavesdropping. As a consequence, anyone who has access to any machine connected to the network can listen in on their communication and get your password, as well as any other private information that goes over the network in plain text. Currently the Telnet program is indispensable for daily administration tasks, but it is insecure, since it transmits your password in plain text over the network and thereby allows any listener to use your account to do any evil he likes. To solve this problem we must find another way, or program, to replace it. Fortunately OpenSSH is a truly seamless and secure replacement for old, insecure and obsolete remote login programs such as telnet, rlogin, rsh, rdist, or rcp.
According to the official OpenSSH README file:
Ssh (Secure Shell) is a program to log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another. It provides strong authentication and secure communications over insecure channels. It is intended as a replacement for rlogin, rsh, rcp, and rdist.
In our configuration we have configured OpenSSH to support tcp-wrappers (through the inetd super server) to improve the security of this already secure program and to avoid always running its daemon in the background of the server. In this way, the program will run only when client connections arrive, and inetd will redirect them through the TCP-WRAPPERS daemon for authentication and authorization before allowing the connection into the server. OpenSSH is a free replacement and improvement of SSH1 with all patent-encumbered algorithms removed (to external libraries), all known security bugs fixed, new features reintroduced and many other clean-ups. It is recommended that you use OpenSSH (free and security bugs fixed) instead of SSH1 (free, buggy, and old) or SSH2, which was originally free but is now under a commercial license. For people who use SSH2 from Datafellows Company, we’ll provide both versions in this book, beginning with OpenSSH, as it is the new SSH program which everyone must move to in the future.
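The following audit script is an added example, not part of the original text. It checks an inetd.conf-style file for the plain-text services named in the overview (telnet, plus rsh, rlogin and rexec under their inetd service names shell, login and exec) and reports whether the ssh entry is started through tcpd. The sample file contents and the /usr/sbin paths are constructed assumptions.

```shell
#!/bin/sh
# Added example: audit an inetd.conf-style file. Sample data is constructed.
# inetd service names: telnet = telnet, shell = rsh, login = rlogin, exec = rexec.

# Print one line per active (uncommented) plain-text login service.
# A commented entry such as "#login" never matches because field 1 differs.
plaintext_services() {
    awk '$1 == "telnet" || $1 == "shell" || $1 == "login" || $1 == "exec" { print $1 }' "$1"
}

# Print "wrapped", "unwrapped" or "absent" for the ssh entry.
# Field 6 is the server program; tcpd there means TCP-WRAPPERS consults
# hosts.allow / hosts.deny before sshd is started for the connection.
ssh_wrapper_status() {
    awk '
        $1 == "ssh" { found = 1; if ($6 ~ /tcpd$/) wrapped = 1 }
        END {
            if (!found)       print "absent"
            else if (wrapped) print "wrapped"
            else              print "unwrapped"
        }
    ' "$1"
}

# Constructed sample (assumed paths); "sshd -i" is sshd's inetd mode.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
#ftp    stream  tcp  nowait  root  /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp  nowait  root  /usr/sbin/tcpd  in.telnetd
shell   stream  tcp  nowait  root  /usr/sbin/tcpd  in.rshd
#login  stream  tcp  nowait  root  /usr/sbin/tcpd  in.rlogind
ssh     stream  tcp  nowait  root  /usr/sbin/tcpd  sshd -i
EOF

echo "plain-text services still enabled:"
plaintext_services "$SAMPLE"
echo "ssh entry: $(ssh_wrapper_status "$SAMPLE")"
```

Any service the first function prints still sends passwords in clear text and should be commented out once OpenSSH is in place.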
These installation instructions assume:
Commands are Unix-compatible.
The source path is “/var/tmp” (other paths are possible).
Installations were tested on Red Hat Linux 6.1 and 6.2.
All steps in the installation will happen in super-user account “root”.
OpenSSH version number is 1.2.3.
Packages
OpenSSH Homepage: http://violet.ibs.com.au/openssh/
You must be sure to download: openssh-1.2.3.tar.gz
Prerequisites
OpenSSH requires that the zlib-devel package, which contains the header files and libraries needed to develop programs that use the zlib compression and decompression library, already be installed on your system. If this is not the case, you must install it from your Red Hat Linux 6.1 or 6.2 CD-ROM.