Protecting your Network with Secure Shell
By Lincoln D. Stein
I spend a lot of time working at one machine while remotely logged in to several others. At any given time, I'm typically logged in to three machines simultaneously: my office workstation, the Web server, and the host that runs my laboratory databases. My lab is UNIX-based, so these remote logins take the form of X Window sessions. This means that I have a mixture of graphical and text-only windows floating around on my desktop, some of which are running on the local machine while others are running on other computers on the lab's LAN.
I also maintain two servers and a desktop machine at home. Through the magic of a DSL line, these machines have static IP addresses and are always connected to the Internet. Sometimes while I'm at work I need to get at a file on my home machine, or I want to check on the server remotely. No problem. I just log in remotely over the Internet to copy files, browse Web logs, or do whatever else I need to do. I can even launch and run X Window applications on one of my home machines, and display them on the desktop at work.
When I'm out of town at conferences, I frequently log in to the office network to check my mail or to look in on things. I do this from my Linux laptop, which I simply plug in to any available Ethernet network.
It's all very convenient—and all potentially insecure. If I were using vanilla remote login services, I would be running a horrible risk. The reason is that the simple network protocols that we use every day—like telnet, FTP, and HTTP—were designed in the days when the Internet was smaller and people more trusting.
