Foreword

The use of Secure Shell (ssh) does not alleviate a site from having to both develop and enforce an effective systems/network security policy. This paper presents some general guidelines on the client side use of ssh including key generation and management. Sites are strongly encouraged to develop, if they don't already exist, security policies and procedures that make sense for the respective installation and resources given the facility in question. If local policies/procedures exist, these should take priority over the following guidelines.

For examples in this document, we will deal with a hypothetical workstation "WOMBATNET" and a user, with the username "wombat". In addition the system WOMBATNET is either a Unix or Linux operating environment and has the OpenSSH client software installed and ready to use. All connection-based examples occur between WOMBATNET and the NCAR system chinookfe.ucar.edu, unless stated otherwise.

If you have questions about this document, please contact SCD Customer Support. You can also reach us by telephone 24 hours a day, seven days a week at 303-497-1278. Additional contact methods: consult1@ucar.edu and during business hours in NCAR Mesa Lab Suite 39.