Your server is bastionized, it resides in a firewall-protected DMZ network, and its services are fully patched and configured for optimal security. You’ve just installed it in a server room, which is monitored by surly armed guards and accessible only after peering into a retinal scanner and submitting to a body cavity search. Not that you plan to visit the system in person, though; it’ll be no problem to perform your administrative duties from the comfort of your office, thanks to good old Telnet.
What’s wrong with this picture?
TCP/IP network administration has never been simple. And yet, many of us remember a time when connecting a host to “the network” meant one’s local area network (LAN), which itself was unlikely to be connected to the Internet (originally the almost-exclusive domain of academia and the military) or any other external network.
Accordingly, the threat models that network and system administrators lived with were a little simpler than they are now: external threats were of much less concern then. Which is not to say that internal security is either simple or unimportant; it’s just that there’s generally less you can do about it.
In any event, in the old days we used
telnet
,
rlogin
,
rsh
,
rcp
, and the X
Window System to administer our systems remotely, because of the
aforementioned lesser threat model and because
packet
sniffers (which can be used to eavesdrop the passwords and data that
these applications transmit unencrypted) were rare and people who
knew how to use them were even rarer.
This is not so any more. Networks are bigger and more likely to be connected to the Internet, so packets are therefore more likely to pass through untrusted bandwidth. Furthermore, nowadays, even relatively unsophisticated users are capable of using packet sniffers and other network-monitoring tools, most of which now sport graphical user interfaces and educational help screens. “Hiding in plain sight” is no longer an option.
None of this should be mistaken for nostalgia. Although in olden times, networking may have involved fewer and less-frightening security ramifications, there were far fewer interesting things you could do on those early networks. With increased flexibility and power comes complexity; with complexity comes increased opportunity for mischief.
The point is that clear-text username/password authentication is obsolete . (So is clear-text transmission of any but the most trivial data, and, believe me, very little in an administrative session isn’t fascinating to prospective system crackers.) It’s simply become too easy to intercept and view network packets.
But if telnet
, rlogin
,
rsh
, and rcp
are out, what
should one use? There is a
convenient yet secure way to administer Unix systems from afar:
it’s called the
Secure Shell.
Get Building Secure Servers with Linux now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.