Secure messaging between Unix boxes

Post by Bob Badarac » Fri, 14 Mar 1997 04:00:00



Can anyone suggest a secure method (outside of using secure rsh/rshd) that
will allow a client running on one Unix machine A to execute a remote program
or function across a network on Unix machine B? The output of the remote
program must be sent back as a stream to the client as a result.

The problem with rsh, rcmd(), etc., and the idea of using a shell to execute a
remote program scares me. Of course you can use Kerberos to authenticate the
client to the server, but, from what I've been reading, it doesn't seem very
secure.

I'm open to any and all suggestions.

 
 
 

Post by Bennett To » Fri, 14 Mar 1997 04:00:00



>Can anyone suggest a secure method [...] that will allow a client running on
>one Unix machine A to execute a remote program or function across a network
>on Unix machine B? The output of the remote program must be sent back as a
>stream to the client as a result.

Depends on your definition of "secure". Me, I want several things out of
"secure":

        - nobody but authorized accounts can run commands;
        - an intruder snooping the wire can't steal the credentials of an
          authorized user;
        - such an intruder also cannot interpret the data stream travelling
          over the wire; and
        - even if the TCP connection is stolen, the intruder cannot inject
          data into it and have it accepted.

Ssh does these things wonderfully. If your needs aren't as strong, you may be
able to find a lighter-weight protocol. But I bet you can't find one that's
easier to install and use. Ssh is a major win.

-Bennett

 
 
 

Post by Sean A. Walbe » Fri, 14 Mar 1997 04:00:00



>Can anyone suggest a secure method (outside of using secure rsh/rshd) that
>will allow a client running on one Unix machine A to execute a remote program
>or function across a network on Unix machine B? The output of the remote
>program must be sent back as a stream to the client as a result.

ssh for sure.  If installed to do so, it will replace the r* commands
with the equivalent versions of itself.  Then you can do rsh hostname
command over an encrypted, authenticated session.

I can't say I've done it (I use ssh but not the secure r commands),
though a colleague does and the manual describes its installation
(which is a very simple process).

Sean
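
Added example, not part of any post in this thread: one way to get the ssh setup both replies recommend without handing the client a general shell on machine B, by pinning the client's key to a forced command. It assumes OpenSSH on B; the script path, the "jobs" account and the job names are hypothetical.

```shell
#!/bin/sh
# remote-gate: forced-command wrapper for machine B (added example).
# Hypothetical names: the script path, the "jobs" account, the job names.
#
# authorized_keys entry on B (one line; key material is a placeholder):
#   command="/usr/local/bin/remote-gate",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-ed25519 <CLIENT-PUBLIC-KEY> client@A
#
# Client on A; the job's output streams back over the encrypted session:
#   ssh -o BatchMode=yes jobs@B sysname

# Run the fixed command that belongs to the requested job name.
# The request is only ever compared as a whole string, never passed to a
# shell, so "sysname; id" is an unknown job, not two commands.
gate() {
    case $1 in
        sysname)   set -- uname -s ;;
        disk-root) set -- df -k / ;;
        *)
            echo "remote-gate: request refused" >&2
            return 77
            ;;
    esac
    "$@"
}

# sshd puts what the client asked for in SSH_ORIGINAL_COMMAND and runs this
# script in its place. With no requested command the script just ends.
if [ -n "${SSH_ORIGINAL_COMMAND+set}" ]; then
    gate "$SSH_ORIGINAL_COMMAND"
    exit $?
fi
```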