Shell in a Browser
Encryption and Certificates
Although initial experiments with Shell In A Box on your local machine can do without encryption, you will definitely want to use SSL to safeguard your connections in production. You need a certificate for this, either in the current working directory or at a storage location you specify using the --cert=directory option.
Encrypting passwords and data between the sender and receiver keeps data safe against sniffing by unauthorized third parties. To add this level of security, you need a certificate, like those used by many websites (and mail servers) – people don’t typically notice them until the browser reports a certificate issue. The idea is that the certificates ensure that the server at the other end of the connection really is what it tells the client it is; otherwise, an attacker could simply spoof the authorized entity at the other end of the connection.
Certificates are issued by commercial certification authorities: They verify the identity of the certificate owner and then issue a certificate for a hostname. The browser automatically identifies the certificate as genuine: It trusts specific certificate authorities. CAcert is a community-based alternative solution.
Finally, another option is to create self-signed certificates with OpenSSL.
Create a key:
# openssl genrsa -des3 -out server.key 2048
Create a certificate signing request (CSR):
# openssl req -new -key server.key -out server.csr
Remove the password from the key:
# cp server.key server.key.org
# openssl rsa -in server.key.org -out server.key
Sign the CSR and create the certificate:
# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
# cat server.crt server.key > certificate.pem
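If you use a self-signed certificate (Figure 3) and access services secured in this way from other machines across the Internet, you should definitely take a close look at the certificate the browser presents and compare its MD5/SHA1 fingerprints with those of the certificate you created on the server; only if they match are you talking to your own server.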
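The steps above as one non-interactive shell function, with helpers that print the fingerprint to compare and confirm that key and certificate belong together. This is an added example, not code from the original article; the function names, the 2048-bit key, the SHA-256 digest, and the hostname in the usage comment are assumptions made here. The key is generated without a passphrase, so the password-removal step is skipped, and the files are written under umask 077 because certificate.pem contains the unencrypted private key.

```shell
#!/bin/sh
# Added example (not from the original article).
# Usage with constructed values:
#   make_selfsigned ./certs shell.example.com
#   cert_fingerprint ./certs/certificate.pem

# make_selfsigned DIR HOSTNAME
# Writes server.key, server.csr, server.crt and certificate.pem
# (certificate followed by the unencrypted key) into DIR.
make_selfsigned() {
    dir=$1 host=$2
    (
        umask 077        # new files are readable by the owner only
        mkdir -p "$dir" && cd "$dir" || exit 1
        # No -des3: the key has no passphrase, so it can be used unattended.
        openssl genrsa -out server.key 2048 2>/dev/null || exit 1
        # -subj supplies the subject so that req does not prompt.
        openssl req -new -key server.key -subj "/CN=$host" \
            -out server.csr || exit 1
        # Self-sign the request with the same key, valid for 365 days.
        openssl x509 -req -sha256 -days 365 -in server.csr \
            -signkey server.key -out server.crt 2>/dev/null || exit 1
        cat server.crt server.key > certificate.pem
    )
}

# cert_fingerprint FILE
# Prints the SHA-256 fingerprint of the first certificate in FILE; compare
# it with the fingerprint shown in the browser's certificate dialog.
cert_fingerprint() {
    openssl x509 -noout -fingerprint -sha256 -in "$1" | cut -d= -f2
}

# key_matches_cert KEY CERT
# Exit status 0 if the private key and the certificate share one RSA modulus.
key_matches_cert() {
    [ "$(openssl rsa -noout -modulus -in "$1")" = \
      "$(openssl x509 -noout -modulus -in "$2")" ]
}
```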
The Author
Wolfgang Dautermann is a system administrator who has tamed many flavors of Linux and various Unices, including Solaris, Irix, and Tru64. He is a co-organizer of Linux Days in Graz, Austria, which next convenes April 28 for its 10th annual meeting [http://www.linuxtage.at] (in German).