13. Ssh (Secure Shell)
Ssh (Secure Shell) is a program that allows you to log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another. It provides strong authentication and secure communications over insecure channels. For your most secure systems, you can run Ssh instead of telnet and ftp. Its features include the following:
· Strong authentication. Closes several security holes (e.g., IP, routing, DNS spoofing, and listening for passwords from the network). New authentication methods: .rhosts together with RSA based host authentication, and pure RSA authentication.
· All communications are automatically and transparently encrypted. Encryption is also used to protect against spoofed packets and hijacked connections.
· X11 connection forwarding provides secure X11 sessions.
· Arbitrary TCP/IP ports can be redirected over the encrypted channel in both directions.
· Client RSA-authenticates the server machine in the beginning of every connection to prevent Trojan horses (by routing or DNS spoofing) and man-in-the-middle attacks. The server RSA-authenticates the client machine before accepting .rhosts or /etc/hosts.equiv authentication (to prevent DNS, routing, or IP spoofing).
· An authentication agent, running in the user's local workstation or laptop, can be used to hold the user's RSA authentication keys.
· Multiple convenience features fix annoying problems with rlogin and rsh.
Secure Shell is widely used and very stable - we highly recommend it. You can get it here: http://www.cs.hut.fi/ssh.