|
|
By Joel Jaeggli (joelja@darkwing.uoregon.edu)
Imagine you telnet to DARKWING and log in with your username and password. Then you fire up pine, send a couple of email messages, make some changes to your web page, and telnet from there to another machine where you also have an account to check your messages.
While you may have felt completely secure as you did this, every character you typed flew across the network as clear text, including your username and password. Likewise, anything you read--whether potentially sensitive email, login screens, the notice messages on the system--were all passed back across the network to your terminal program as clear text. All your keystrokes were visible to anyone who installed a packet-sniffing application on a computer situated between your current location and the computer to which you're connecting.
With all the focus on security for web-based transactions and host security, relatively little attention has been paid to security for everyday tasks like reading email, editing web pages, or logging in to other machines. Yet your username and password are very valuable information to an attacker. Once these are known, intruders may be able to compromise the computer to which you log in, damage or erase the contents of your account, or impersonate you on the Internet.
There is a way to prevent this, however. Secure Shell (ssh) provides users with secure authentication, using public key methods and a secure connection to any remote host running an ssh server, such as DARKWING or GLADSTONE. Free implementations of ssh are available for Windows and UNIX; and a commercial one is available for the Mac.
You'll find the TerraTerm ssh client on both the fall 1998 Duckware CD and the recently released fall 1999 Duckware CD.
For more information about ssh, send email to consult@gladstone.uoregon.edu, consult@darkwing.uoregon.edu, or consult@oregon.uoregon.edu