:: 01-Aug-1999 17:20 (Sunday) ::
It’s a lazy Sunday and you obviously have nothing better to do. After
all, you’re reading my .plan file. :) There’s never been a better time
to install ssh and pgp.
Imagine, by the end of the day today you could be more secure and have
more privacy by installing one or both tools on your system(s).
If you’re not using PGP (yet), drop by http://www.pgpi.com/ and have
a look around. http://www.pgpi.com/cgi/download-wizard.cgi will let
you easily determine exactly which version of is appropriate for your
OS and location. PGP installation is pretty straightforward and there
is ample online documentation and tutorials. Not only does PGP become
more useful each time a new person starts using it, but the more people
we have using PGP routinely the harder it will be to remove our freedom
to do so. There’s no reason not to use encryption, except for inertia.
And I guarantee it’s not as hard to install or use as you may be
thinking.
If you ARE using telnet or rlogin or ftp, then you have problems now
and you don’t even realize it. Did you realize that every time you
telnet or rlogin or ftp to a remote host that you are transmitting
your username and password in clear text? Sniffing passwords is
a trivial task, mostly due to the widespread use of insecure protocols
such as telnet. ssh is a drop-in, secure alternative for telnet, rlogin,
rsh, and ftp. Not only is it secure, but it’s easier to use and more
featureful as well. On top of security it adds such features as
compression, encrypted traffic, encrypted tunnels, and completely
automatic and secure X11 forwarding. Plus with RSA Authentication you
can eliminate passwords entirely. A cracker can’t crack a password that
doesn’t exist.
Unix users can obtain ssh from ftp://ftp.cs.hut.fi/pub/ssh/ and have
it up and running in a matter of minutes. I recommend the 1.2.27
version of ssh (as opposed to the v2 platform) due to licensing
difficulties with the v2 platform. Non-unix users have even more
options.
For Win32 there’s SecureCRT (http://www.vandyke.com) which is an
excellent, albeit commercial solution. There’s also a very nice, free
implementation of ssh which works with Tera Term. You can grab it from
http://hp.vector.co.jp/authors/VA002416/teraterm.html
For Macintosh, I understand that there’s a nice plug-in for NiftyTelnet
at http://www.lysator.liu.se/~jonasw/freeware/niftyssh/ although I’ve not
used it.
There’s never been a better time to be more secure. Simply by installing
a couple of easy-to-use applications you could be on your way to a more
secure, more private computing experience. Your data is yours, and here
are two ways to ensure that it stays that way.
For #distributed regulars, here’s my most compelling argument:
SlicerAce uses both ssh and pgp, why on earth don’t you?