How Safe is SSH ?

Damon,

SSH is safe, but if you want it to be even safer you may want to install a firewall router with VPN capabilities. Than you can connect your network from outside using the VPN client.

Ziv

Like Ziv said, SSH is safe, but you can make it even safer by adding a password to log on every time, which decreases the convenience.

Damon,

A VPN has an encryption layer that is dependent on the VPN manufacture on top of the IP protocol ( This was designed for accessing local network from remote sites).

Ziv

SSH is a very secure method of connecting to a server. The best way to use it is to setup public key authentication and turn off password authentication.

Public key authentication is on by default, what you want to do is disable password authentication. For that, you edit the file /etc/sshd_config. Change parameter "PasswordAuthentication" to "no" (and remove the hash sign at the start of the line). While you are there, you might want to override some less secure defaults, such as "Protocol 2" instead of "Protocol 2,1", and "PermitRootLogin no".

In order to use public key authentication you have to have, err, keys 😉 These you generate on your remote systems (using tools like ssh-keygen, depending of what implementation of ssh they use). This will give you public-private key pairs, one on each remote system. You can also generate a key pair that you carry around with you on a USB stick, and use from anywhere. Make sure you protect your private key with a (long!) passphrase.

Take the public keys (in OpenSSH they are called something like id_*.pub) and add them all into file ~/.ssh/authorized_keys on your local system, one key per line (beware of line breaks). That file must not have read or write permissions for anyone but the owner (yourself), or it won't be accepted by OpenSSH.

Before you make the above changes to /etc/sshd_config, test your key setup. If your keys are set up correctly, pubkey authentication will take precendence and you won't be prompted for a password upon login from remote. If you do get a password prompt something is wrong. You will get prompted for the passphrase protecting your private key on the remote system, of course.

Once your keys are working you can disable password authentication in the sshd config file.

Hope this helps.

Cheers
Steffen.

Off hand, I imagine if you google for "ssh" you'll find tons of information.

The passphrase protects the private key (the secret part of the key pair - e.g. id_dsa or id_rsa). It is required whenever you want to use the private key.

You could carry a copy of the private key with you on a USB stick or similar. Be aware that if you lose it, the only thing that keeps someone from using your private key (your identity) is the passphrase, so choose a good one.

To use ssh from a remote machine with your key-on-a-stick type something like:

$ ssh -i /path/to/where/it/is/id_dsa you@yourhost

Cheers
Steffen.