LinuxQuestions.org - SSH Questions

- Linux - Networking (https://www.linuxquestions.org/questions/linux-networking-3/)

- - SSH Questions (https://www.linuxquestions.org/questions/linux-networking-3/ssh-questions-43948/)

Hi all, I've been making some progress with my SuSE system, got it fully networked with my other systems file sharing etc and now I have a few questions about SSH...

I've found some information regarding this and I'm getting a better understanding but I haven't found exact answers to my questions.

The most important thing I'm trying to establish is whether I have to have a Windows SSH Client to login to my SuSE server via SSH from a Windows system or Is it possible to access my SuSE server from a WinXP/Win2k system just from the DOS prompt without other software?

So whether or not I need extra software, lets suppose that I can connect through SSH to my SuSE box over the Internet.

Once connected would I then be able to open up a telnet session to one of my Windows systems?

If I need a Windows SSH client to do this can you recommend a good one?

Any other useful info or tips welcome :-)

Windows provides a telnet client bit no ssh. Here is a link to putty, it not free but you can use it for two hour intervoles.
http://www.chiark.greenend.org.uk/~sgtatham/putty/

Thanks for the advise.

The site says "Use of PuTTY, PSCP, PSFTP and Plink is illegal in countries where encryption is outlawed. I believe it is legal to use PuTTY, PSCP, PSFTP and Plink in England and many other countries" I will need to look into this though. I didn't think these laws existed here?

How unsecure is Telnet? Am I right in thinking that its insecurity is how it sends the login details over the Internet, and if this is right, how easy can it be to intercept this information? Or is it easy to be hacked if it is running?

I'm assuming that it's not as easy as laying a trojan and taking control of the system it's on.

Thanks

If you have a sniff installed, like ethereal. just start sniffing you NIC and log onto you server with telnet. You will see your username and password in plain text. This is also the case with POP3/SMP (email). So if I where you I would use ssh.
I believe that the encryption laws mainly deals with file encryptions like PGP. PUTTY just send an encrypted username and pssword. But I am not a LAWYER, so plese do not take my words as scripture. Also I live in the US so I do not know the UK laws.
I think that there is a secure telnet, but everybody seems to using ssh. So I would stick with it.

Google for "countries where encryption is illegal" and see what pops up. You might be surprised.

Thanks for your help all.

I carried out a few searches on the law on encryption and as far as I can tell it's not yet illegal in this country. If it is i'm sure I'll find out (if it matters).

I downloaded putty and connected straight away but only to the servers local ip address (192.168.1.100) When I try to connect over the internet I can't connect.

I think this is probably due to iptables, which I haven't yet configured.

I've done an online port scan and all my ports are showing as closed so I don't think that I'm at to much risk (but I know it's not ideal)

The other possibility is because I'm trying to access an external IP address from the same network. What I mean is that my laptop connects through the Linux server (local IP) to access the internet and then trys to connect to the external IP of the same server? Because I'm now on a cable modem I have to setup the laptop for dial up access...I'll test this and see if it makes any difference.

You can use encryption in England :)

As it happens, the 'You can't export stuff with better than 56bit encryption' restriction was recinded some years back I think.

But even so, England has no such laws and you can use 128 bit encryption without fear..

There's not a 'great deal' of security risk with plain telnet, but that's only because you're obscure. Telnet sends username/password from your local machine, across the internet, and to your Linux box in clear text. Which means, as Tangle correctly says, if I sniff the packets somewhere between you and your box I can read your username/password and you're immediately compromised.

That said, it's unlikely I'm going to be doing that. But... if I *did*, you're stuffed. When the alternative to telnet is *as easy* as telnet, and doesn't have the security issues involved, it really makes no sense to use it. Plus, ssh can do lots of nice things that telnet can't - like compress your traffic (-c) forward any X traffic directly to your machine (X11forward=yes), allow you to login as root (which you can't on a Redhat box under Telnet) and other such things.

I would also like to point you to :

http://www.ssh.org who have recently released their SSH client for Windows for FREE. It's a whole lot better than Putty, and includes a nice gui scp client. (Think FTP for ssh).

Nice one Slick.

I checked out the ssh.org site, is it SSH Secure Shell for Workstations - Non Commercial evaluation version? that you mentioned?

Which ever client I decide on still leaves me with a big problem! I'm so far unable to connect to the SSH server from over the internet?

Can you advise on how I can connect to the SSH via the external ip address?
What should I be looking for?
Do I need to edit ip tables?