MasterClass! - Using Secure Shell (SSH) Tutorials

Securing SSH / The DOs & DON'Ts of SSH





Subtitles of the Movie

We've talked about a lot of things, a lot of different topics when referring to security with SSH, and other things, other configuration issues. So I thought we'd summarize a few things here and kind of give you a list of Do's and Don'ts for using Secure Shell. These are in no particular order, but are just things that you should keep in mind both from just a standard use point of view and from a configuration point of view, and it will help you have a more secure installation of Secure Shell.

First of all, the big one is don't use unencrypted means of sending user names, passwords, and data over non-secure networks, and that goes into the next one as well. Use SSH instead, don't use those: Telnet, FTP, and in particular the old R Services such as RShell, RCP, RExec and so forth. Use SSH instead of those unencrypted means of sending data over the network.

As far as a practical use thing goes, don't use the root account over the SSH session. Use a different account instead that's been configured just for SSH and that has the privileges you need to perform actions over SSH. Also, definitely try to use the sudo command whenever possible to access a secure shell across remote networks, and, as a matter of fact, on your local systems as well for any programs that require any higher-level or administrative type of privileges.

Use public key authentication whenever possible and practical. There are some times where you may not want to use it, where just in a more secure environment you can use a simple password to access Secure Shell, but using public key authentication is a more secure method of doing it. It's a two-factor method of doing it, especially if you're using a passphrase with your private key to protect it.

If you have to use non-secure protocols at all, try to tunnel those over the secure session with SSH. Again, this will at least protect them by encrypting the session, that's encrypting the tunnel itself, so that it'll be protected a little bit better. Try not to use non-secure graphical utilities or protocols for logging in, such as XDMCP for example; that's a very unsecure protocol. Instead, try to use Secure Shell X11 Forwarding as we've talked about; use that to get some of your graphical tools and so forth over Secure Shell. Try to tunnel your Remote Desktop program, such as VNC or Remote Desktop and so forth, over SSH, because VNC, in particular, is a very unsecure protocol and you're sending your Remote Desktop over unencrypted means, and it's a very unsecure way to do it. But if you tunnel this over SSH, as we've talked about, then you've got that secure Remote Desktop environment.

Definitely use secure copy, scp, and secure ftp instead of the regular ftp. As we saw earlier in the course, running ftp sends things over the network in an unsecure manner, unencrypted. It sends user names, passwords and the data itself unencrypted, so you want to use a different method, a more secure method, for copying those files. Machine-to-machine, use scp; if you need to copy a group of files or do browsing, use secure ftp. Another thing you might want to do is, if you have to remotely mount file systems across a network so that you can use them for a period of time, you might want to use the Secure Shell file system to do this, to remotely mount those file systems, and we saw how easy that is to do.

Another thing, and this is very important, is don't use protocol version 1. Use version 2 instead and configure your machines to only use version 2. Any SSH-aware applications or programs that you use that can be configured to use either version 1 or version 2, make them use only version 2 instead so they don't default down to version 1 accidentally.

And the biggest Do I can tell you is definitely do learn how SSH works, and the only real good way to do that is to practice using it. Set up a couple of computers on a network like we've done during this presentation and learn how it works. Go back and forth. You're going to make mistakes, but with practice you'll learn exactly how the syntax works, exactly what you can and can't do, and you'll probably learn a lot more by doing that than you can learn from a book or a course. There's no substitute for experience. Also, research things. If you want to know how to do something that we haven't discussed here, or something kind of unique and strange to your environment, read up on the Advanced Options and figure out how to do that. Chances are, if there's any kind of network communication that you can do between two computers, Secure Shell can help you do that.
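
The server-side items in the list above (version 2 only, no root login, public key authentication) can be checked against an sshd_config file. The following is an added example, not part of the course material; it assumes an OpenSSH release of the course's era that still accepts the Protocol keyword, and the two sample configurations are constructed for illustration.

```python
import re

# Checklist items from the transcript that map to sshd_config keywords.
# keyword (lower-case) -> (value the checklist calls for, reason)
CHECKLIST = {
    "protocol": ("2", "allow protocol version 2 only"),
    "permitrootlogin": ("no", "do not log in as root over SSH"),
    "pubkeyauthentication": ("yes", "use public key authentication"),
}

def global_settings(config_text):
    """Return {keyword: value} for the global section of an sshd_config."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"(\w+)\s*=?\s*(.*)", line)
        if not m:
            continue
        keyword, value = m.group(1).lower(), m.group(2).strip()
        if keyword == "match":
            break  # what follows applies only to matching connections
        # sshd keeps the first value it reads for a keyword; later ones are ignored
        settings.setdefault(keyword, value)
    return settings

def audit(config_text):
    """Return a list of (keyword, found_value, reason) for each failed item."""
    settings = global_settings(config_text)
    findings = []
    for keyword, (wanted, reason) in CHECKLIST.items():
        found = settings.get(keyword)  # None means the keyword is not set
        if found is None or found.lower() != wanted:
            findings.append((keyword, found, reason))
    return findings

# Constructed sample configurations (not taken from any real host).
WEAK = "# legacy server\nProtocol 2,1\nPermitRootLogin yes\nPermitRootLogin no\n"
HARDENED = "Protocol 2\nPermitRootLogin no\nPubkeyAuthentication yes\n"

if __name__ == "__main__":
    for keyword, found, reason in audit(WEAK):
        print(f"{keyword}: found {found!r}; checklist says {reason}")
```

In the WEAK sample the second PermitRootLogin line does not help, because the first value read for a keyword is the one sshd uses; a keyword reported with None is unset, so its effective value is the default of the installed version.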

Tutorial Information

Course: MasterClass! - Using Secure Shell (SSH)
Author: Bobby Rogers
SKU: 33976
ISBN:
Release Date: 2009-03-13
Duration: 2 hrs / 20 lessons
Captions: For Online University members only
Compatibility: Vista/XP/2000, OS X, Linux
QuickTime 7, Flash 8
