SSH is a Swiss Army knife and Hogwarts magic wand all rolled into one
simple command-line tool. As often as we use it, we sometimes forget that
even our encrypted friend can be secured more than it is by default. For
a full list of options to turn on and off, simply type man
to read the man page for the configuration file.

Whenever a server is accessible via the Internet, it's a safe bet that
hackers will be trying to access it. Just look at the SSH logs
for any server you use, and you'll surely find lots of "authentication
failure" lines, originating from IPs that have nothing to do with you
or your business.

If SSH is the Swiss Army knife of the system administration world, Nmap
is a box of dynamite. It's really easy to misuse dynamite and blow your
foot off, but it's also a very powerful tool that can do jobs that
are impossible without it.

Years ago, I worked for an automotive IT provider, and occasionally we went
out to the plants to search for rogue Wireless Access Points (WAPs). A
rogue WAP is one that the company hasn't approved to be there. So if
someone were to go and buy a wireless router, and plug it in to the
network, that would be a rogue WAP.

you have a large team of admins, with a substantial turnover rate. Maybe
contractors come and go. Maybe you have tiers of access, due to
restrictions based on geography, admin level or even citizenship (as with
some US government contracts).

Security: a Method, Not a Goal
The Security issue of Linux Journal always makes me feel a little
guilty. It turns out that although I have a fairly wide set of technology
skills, I'm not the person you want in charge of securing your network
or your systems. By default, Linux is designed with a moderate amount
of security in mind. For that, I am incredibly grateful.

I've been hesitating for a couple months about whether to mention
sshpass. Conceptually, it's a horrible, horrible program. It basically
allows you to enter an SSH user name and password on the command line,
so you can create a connection without any interaction. A far better
way to accomplish that is with public/private keypairs.

I have been focusing a lot on security and privacy issues in this year's
columns so far, but I realize some of you may expect a different
kind of topic from me (or maybe are just tired of all this security
talk). Well, you are in luck.

Ansible is an open-source automation tool developed and released by Michael
DeHaan and others in 2012. DeHaan calls it a "general-purpose automation
pipeline" (see Resources for a link to the article "Ansible's Architecture: Beyond Configuration

Every year, heck...every month, Linux is adopted by more companies and
organizations as an important if not primary component of their enterprise
platform. And the more serious the hardware platform, the more likely it is
to be running Linux. 60% of servers, 70% of Web servers and 95% of all
supercomputers are Linux-based!

A few columns ago, I started a series aimed at helping everyone improve
their privacy and security on the Internet. The first column in this
series was an updated version of a Tor column I wrote a few years

Portable apps aren't anything new. There are variations of "single
executable apps" for most platforms, and some people swear by keeping
their own applications with them for use when away from home. I don't
usually do that, as most of what I do is on-line, but there is one

With the increasing prevalence of open-source implementations and the
expansion of personal computing device usage to include mobile and non-PC
devices as well as traditional desktops and laptops, combating attacks and
security obstacles against malware is a growing priority for a broad
community of vendors, developers and end users.

If you run a publicly accessible Web server for your own use (and let's
face it, if you're reading Linux Journal, there's a very good chance you
do), how do you go about limiting the risk of someone accessing your
site and doing bad things? How about SSH, an even bigger concern?

Classical cryptography provides security based on unproven
mathematical assumptions and depends on the technology available to
an eavesdropper. But, these things might not be enough in the near future to
cyber security. We need something that
provides unconditional security. We need quantum cryptography.

The truth is, I really don't have anything on my hard drive that I would
be upset over someone seeing. I have some cat photos. I have a few text
files with ideas for future books and/or short stories, and a couple
half-written starts to NaNoWriMo novels. It would be easy to say that
there's no point encrypting my hard drive, because I have nothing to

If you need remote access to a machine, you'll probably use SSH, and
for a good reason. The secure shell protocol uses modern cryptography
methods to provide privacy and confidentiality, even over an unsecured,
unsafe network, such as the Internet.