Security Tools

From DreamHost
Jump to: navigation, search

DreamHost has various security tools in place that you can use in order to limit your risk when using our services. The most common tools you will find useful are: SSH, SFTP, and SSL. These tools should be used to replace some of the alternatives which may send your password and other information over the wire in plain text.

SSH Instead of TELNET

SSH - visit the wiki section on SSH for the most information on the SSH service.

SSH, secure shell, is the prefered method for connecting to your machine. SSH encrypts the communication from the local machine and the destination machine. This means that your password is not being transmitted in plain text, which is what TELNET does.

SSH must be turned on for your users. When creating a user in the DreamHost web panel be sure to select the type of User Account to be Shell: allows FTP plus ssh/telnet shell access. It currently says that it allows FTP, but we will be phasing our FTP in favor of SFTP at some point. If you strictly use SSH all transmitted data will be encrypted.

Some SSH clients:

MacOSX: Terminal (built in shell client in Mac OS X.), iTerm
Windows: Putty

You can use a service like versiontracker.com to search for an find the SSH client that is right for you.

INFORMATION USED TO CONNECT
Username, Password, and Hostname
ssh username@hostname.com
Password: Password
Note: putty connects similar to an ftp client where you load the hostname in a profile then connect.
Username and Password are entered when requested after initially connecting to the server.
THINGS YOU SHOULD KNOW
Unix command line:  Using an SSH client puts you directly on the server, which is Debian Linux.
So you will need to know unix command line commands to get around.  Fundamental_Unix_Commands

SFTP Instead of FTP

SFTP - visit the wiki section on SFTP for more information on the SFTP service.

SFTP, or SSH FTP, works just like FTP except that everything is encrypted. In most modern FTP clients there is now an option to connect securely, this uses the SFTP service. There are even clients out there that are SFTP only.

Some notable clients that offer SFTP service:

MacOSX: Fetch, Transmit, RBrowser, Cyberduck, Fugu
Windows: CoreFTP, FTPRush, WinSCP, FileZilla, SftpDrive
Linux/Unix: gFTP, KFTPGrabber

You can use a service like versiontracker.com to search for an find the SFTP client that is right for you.

INFORMATION USED TO CONNECT
Username, Password, and Hostname
It is suggested that you create and save a profile in your SFTP client.  
Also remember to check the secure or SFTP box if you are using a client that offers both FTP and SFTP.
THINGS YOU SHOULD KNOW
If you know how to use FTP then you know how to use SFTP.  FTP

SSL for E-Mail outgoing/incoming

Use the SSL options in your E-Mail clients to encrypt the data transfered from the mail server to your E-Mail client. We have enabled the ability to use SSL for both incoming and outgoing mail. Turning on SSL is actually pretty easy. Edit your account in your E-Mail client. From the edit account page there should be an option for turning on SSL for both SMTP and Incoming mail. Please keep in mind that this just encrypts mail from the server to your mail client and vice versa, it does not encrypt the message all the way to the destination or incoming mail from the sender to the server.

If you want totally encrypted E-Mail you will need to use something like PGP.

Please note that we use DreamHost.com signed certificates so turning on SSL for mail will give you an error. Just accept the certificate and you'll be set with SSL on your email client.


See Also