3 Tips for Secure Communication

I’ve been using a couple of wireless hotspots the last few days, and while very convenient, it made me think about security. The problem is that every time you check your mail, transfer files with FTP or connect to a server via Telnet, all the data, including your username and password, is transferred over the internet in plain text and is therefore exposed to eavesdropping and password sniffing.

Luckily DreamHost provides SFTP, SSH and SSL encrypted POP3/SMTP so you can easily get all your communication encrypted.

Remote Access

Telnet is an internet protocol that allows you to open a shell on the server to interact with the command line. Telnet is a powerful tool that lets you run programs on the server, edit your documents/files directly on the server or configure settings like crontab and procmail. The secure alternative to Telnet is SSH (Secure Shell). The biggest difference between Telnet and SSH is that SSH clients encrypt all the traffic between the user’s machine and the server.

If you want shell access at DreamHost you need to enable it in the Users Area of the Control Panel. If you’re already using Telnet, you don’t need to change anything.

PuTTY seems to be the most popular SSH client (and its codebase is widely used in other software packages), but there exist plenty of alternative clients.

The first time you use SSH to connect to a server, you will see a warning like this:

PuTTY warning

The server’s host key was not found in the cache. You have no guarantee that the server is the computer you think it is.

This host key check is an extra security feature of PuTTY. It checks the server’s host key every time you connect and compares it to the one cached from your last connection, in order to verify that you’re really connecting to the same server. The first time you connect to a server, PuTTY has nothing to compare with and therefore asks you what to do.
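The cache comparison described above, as an added Python example (not PuTTY's code and not from the original post). It assumes an OpenSSH-style `host keytype key` cache format rather than PuTTY's own storage, uses constructed keys and hostnames, and adds a hypothetical `trusted_fp` parameter for a fingerprint obtained out of band, which is what turns the first-connection prompt into a real check:

```python
import base64
import hashlib
import struct

def ssh_blob(keytype: str, raw: bytes) -> str:
    """Build a base64 public-key blob (length-prefixed type + key bytes)."""
    field = lambda b: struct.pack(">I", len(b)) + b
    return base64.b64encode(field(keytype.encode()) + field(raw)).decode()

def fingerprint(key_b64: str) -> str:
    """SHA256 fingerprint in the form OpenSSH prints (unpadded base64)."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def load_cache(text: str) -> dict:
    """Parse 'host[,host...] keytype key' lines into {(host, keytype): key}."""
    cache = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith("#"):
            continue
        for host in parts[0].split(","):
            cache[(host, parts[1])] = parts[2]
    return cache

def check_host_key(cache, host, keytype, presented, trusted_fp=None):
    """Return (verdict, fingerprint) for the key the server presented.
    trusted_fp: fingerprint obtained out of band (hypothetical input)."""
    fp = fingerprint(presented)
    known = cache.get((host, keytype))
    if known is not None:
        # Same key as last time, or the server's key has changed.
        return ("match" if known == presented else "CHANGED", fp)
    if trusted_fp is None:
        return ("unknown-ask-user", fp)      # the first-connection warning
    if fp == trusted_fp:
        cache[(host, keytype)] = presented   # verified, so cache it
        return ("verified-and-cached", fp)
    return ("REJECT-fingerprint-mismatch", fp)

# Constructed sample data: two made-up ed25519 keys and a one-line cache.
KEY_A = ssh_blob("ssh-ed25519", bytes(range(32)))
KEY_B = ssh_blob("ssh-ed25519", bytes(range(32, 64)))
CACHE = load_cache(f"# constructed cache\nold.example.com ssh-ed25519 {KEY_A}\n")

if __name__ == "__main__":
    for host, key in [("new.example.com", KEY_A), ("old.example.com", KEY_A),
                      ("old.example.com", KEY_B)]:
        print(host, check_host_key(CACHE, host, "ssh-ed25519", key))
```

A `CHANGED` verdict for a host you have connected to before is the case the cache exists to catch; an unknown host is only as trustworthy as the fingerprint you compare it against.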

More info in the Knowledge Base: How do I use Telnet or SSH to access my site.

File Transfer

While FTP is the most widely used file transfer protocol, SFTP is the secure alternative. DreamHost supports both SFTP and SCP on all accounts, but it requires you to enable shell access in the Control Panel.

WinSCP and FileZilla are both free Open Source SFTP clients. Alternative clients can be found at freessh.org. WinSCP’s SSH and SCP code is based on PuTTY, so if you’re used to PuTTY, you will recognise similarities in the user interface.

WinSCP icons

The icons show that the connection is encrypted (using AES and SSL version 2) and that compression is enabled.

More info in the Knowledge Base: SCP / SFTP

Email

DreamHost supports both SSL IMAP and POP3, and a couple of weeks ago they started to offer secure SMTP. SSL provides endpoint authentication and communications privacy over the internet using cryptography. While SSL is most commonly used with HTTP to form HTTPS (secure webpages for applications such as e-commerce and banking), the same technique can be used to secure your communication with a mail server.

All you have to do is tell your email program to use SSL. In Microsoft Outlook / Outlook Express you do this by selecting “This server requires a secure connection (SSL)” in the accounts dialog box for both POP (incoming mail) and SMTP (outgoing mail). In Mozilla Thunderbird the setting is called “Use secure connection (SSL)”. The port numbers should be updated automatically; if they are not, use port 995 for POP (instead of 110) and 25 for SMTP (no change). If your ISP blocks port 25 you can sometimes use port 465 instead.

Outlook Express - Settings

Outlook Express settings…

Outlook Express - Securing...

Outlook Express securing the connection, before it logs in to the email account…

The only caveat of using SSL email is an annoying warning, which appears because the SSL certificate is registered for mail.dreamhost.com and not for mail.yourdomain.com.

Outlook Express - Internet Security Warning

The server you are connected to is using a security certificate that could not be verified.

I will provide a workaround for this annoyance in my next blog post.
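Why the mail client raises that warning, as an added Python example (not from the original post): a TLS client compares the server name you configured with the names in the certificate, and mail.yourdomain.com is not among them. The certificate dictionaries are constructed, in the shape Python's `ssl.SSLSocket.getpeercert()` returns; the wildcard certificate and example.net are assumptions added to show the general rule.

```python
def dns_names(cert: dict) -> list:
    """DNS names the certificate is valid for: subjectAltName entries,
    falling back to commonName only when no SAN DNS entry exists."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]

def label_match(pattern: str, host: str) -> bool:
    """Case-insensitive comparison, label by label. A '*' is honoured only
    as the entire leftmost label and stands for exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def verify_name(cert: dict, configured_host: str) -> bool:
    """True when the host name set in the mail client matches the cert."""
    return any(label_match(n, configured_host) for n in dns_names(cert))

# Constructed certificates (not captured from a real server).
SHARED_CERT = {
    "subject": ((("commonName", "mail.dreamhost.com"),),),
    "subjectAltName": (("DNS", "mail.dreamhost.com"),),
}
WILDCARD_CERT = {"subjectAltName": (("DNS", "*.example.net"),)}

if __name__ == "__main__":
    for name in ("mail.yourdomain.com", "mail.dreamhost.com"):
        verdict = "ok" if verify_name(SHARED_CERT, name) else "WARNING"
        print(f"{name:22} {verdict}")
```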

13 Responses to “3 Tips for Secure Communication”

  1. SRTech says:

    Thanks. Interested in hearing your SSL mail warning workaround.

  2. Trevor says:

    and it’s codebase –> and its codebase

  3. Unofficial DreamHost Blog says:

    Trevor – Corrected, thanks!

  4. Eduardo Habkost says:

    While FTP is the most widely used file transfer protocol, SFTP is the secure alternative. DreamHost supports both SFTP and SCP on all accounts, but it requires you to enable shell access in the Control Panel.

    It seems that — unfortunately — a user can’t transfer files securely to DreamHost unless you have enabled shell access to the user.

  5. Paul says:

    Ewwwww. Outlook Express?! ;)
    Otherwise good tips for those who are unaware, though to be honest, anybody who doesn’t know these things shouldn’t be hosting a website.

  6. Chris says:

    “I will provide a workaround for this annoyance in my next blog post.”

    Looking forward to it!!

  7. ranh says:

    Same here regarding the solution for the certificate verification annoyance.

    I have had this dialog box appear on every single mail app I tried – and this includes most clients for Windows, Linux, Mac, and a few cell phones. I even have it show up when I try to log in securely to the webmail, on every browser I tried it on!

    So needless to say, I am also looking forward to a solution :)

  8. gse says:

    So where’s the SSL workaround? :)

  9. Ben says:

    Where is the SSL workaround ????? :)

  10. Linked from: Avoid Warning When Checking Secure Email
  11. Linked from: More Tips for Secure Communication
  12. Linked from: SSH, Tunneling, and Dreamhost
  13. Linked from: The Unofficial DreamHost Blog 1 Year