SSH Security Cautions
2007/02/04
Although SSH is designed to be more secure, there is still risk using it in enterprise :
Since SSH-1 has inherent design flaws which make it vulnerable to, e.g., man in the middle attacks, it is now generally considered obsolete and should be avoided by explicitly disabling fallback to SSH-1. While most modern servers and clients support SSH-2, some organizations still use software with no support for SSH-2 making it hard to avoid the use of SSH-1.
In all versions of SSH, it is important to verify unknown public keys before accepting them as valid. Accepting an attacker’s public key as a valid public key has the effect of disclosing the transmitted password and allowing man in the middle attacks.
As with any encrypted protocol SSH can be considered a security risk by companies or governments who do not trust their users. Furthermore SSH has built in tunneling features which make it easier for users to achieve passage of large volumes of information or to establish an entry point for unauthorized inward access over a SSH link than with other protocols.
Moving Data Between Machines In a Secure Way
2007/02/04
Just learn about some new options moving files between machines using ssh / sftp /scp.
For example, creating an archive, copying it to remote destination, and extracting it in a single command :
$ (cd ~/stuff; tar --create --gzip --file - *) | \ ssh destination tar --extract --gunzip --file --verbose -C stuff
or :
$ ssh destination cat archive.tgz | \ (cd ~/stuff; tar --extract --gunzip --file -)
or
$ scp -pr ~/doc destination:/path/to/doc/
or
$ rsync -e ssh --times *.txt destination:
With ssh setup properly, these options are secure. However, I am still uncertain about any performance issue, as compare to other enterprise class product, e.g. Connect:Direct.
