« Previous 1 2
Shell in a Browser
Encryption and Certificates
Although initial experiments with Shell In A Box on your local machine can do without encryption, you will definitely want to use SSL to safeguard your connections in production. You need a certificate for this, either in the current working directory or at a storage location you specify using the --cert=directory option.
Encrypting passwords and data between the sender and receiver keeps data safe against sniffing by unauthorized third parties. To add this level of security, you need a certificate, like those used by many websites (and mail servers) – people don’t typically notice them until the browser reports a certificate issue. The idea is that the certificates ensure that the server at the other end of the connection really is what it tells the client it is; otherwise, an attacker could simply spoof the authorized entity at the other end of the connection.
Certificates are issued by commercial certification authorities: They verify the identity of the certificate owner and then issue a certificate for a hostname. The browser automatically identifies the certificate as genuine: It trusts specific certificate authorities. CAcert is a community-based alternative solution.
Finally, another option is to create self-signed certificates with OpenSSL.
Create a key:
# openssl genrsa -des3 -out server.key 1024
Create a certificate signing request (CSR):
# openssl req -new -key server.key -out server.csr
Remove the password from the key:
# cp server.key server.key.org # openssl rsa -in server.key.org -out server.key
Sign the CSR and create the certificate:
# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt # cat server.crt server.key > certificate.pem
If you use a self-signed certificate (Figure 3) and access services secured in this way from other machines across the Internet, you should definitely take a close look at the certificate and compare the matching MD5/SHA1 fingerprints.
Figure 3: A self-signed certificate in a web browser.
The Author
Wolfgang Dautermann is a system administrator who has tamed many flavors of Linux and various Unices, including Solaris, Irix, and Tru64. He is a co-organizer of Linux Days in Graz, Austria, which next convenes April 28 for its 10th annual meeting [http://www.linuxtage.at] (in German).
« Previous 1 2
Related content
-
Remotely managing web access servers
The Windows PowerShell web-based console lets you run PowerShell commands and scripts in your browser. -
The best cmdlets for PowerShell
Windows is no longer the system for mouse pushers. In the latest server version, the default installation installs without a GUI, and management via PowerShell is a part of everyday life for Windows administrators. -
Top PowerShell Cmdlets
Windows is no longer the system for mouse pushers. In the latest server version, the default installation installs without a GUI, and management via PowerShell is a part of everyday life for Windows administrators.
-
Security first with the Hiawatha web server
The small but secure Hiawatha web server provides an appealing alternative to the complex Apache and other alternatives. -
Automate the Active Directory Federation Services install
Installing Active Directory Federation Services is complex and involves several GUIs. For admins entrusted with building a farm, repetitive clicking in various management consoles can become an annoying and error-prone process. The call for automation is loud.
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Most Popular
Support Our Work
ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.
