Date: Sat, 10 May 2003 13:39:36 +0200 From: William Fletcher <ultraviolet@epweb.co.za> To: northern snowfall <dbailey27@ameritech.net> Cc: freebsd-questions@freebsd.org Subject: Re: [Fwd: Re: Why is port 22 open by default?] Message-ID: <20030510113935.GD92087@tulip.epweb.co.za> In-Reply-To: <3EBCF0AB.4080504@ameritech.net> References: <3EBCF0AB.4080504@ameritech.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--cQXOx3fnlpmgJsTP
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Hi,
OpenSSH has had issues with trivial things from what I've seen.
Although, the trojaning incident and OpenBSD's servers running solaris was
a good laugh.
Rather just firewall everything else on the network out of it.
Thats what I do, that way I can still scp and I just keep it up to date.
And if you aren't using IPSec already, you are asking for it ;)
Besides, when was the last bug in OpenSSH? :)
On Sat, May 10, 2003 at 07:29:31AM -0500, northern snowfall wrote:
> >
> >
> >Sounds like SSH is secure enough for me. Or is a 19 character password t=
oo=20
> >short? :-)
> >
> SSH is not secure. Forget paranoia, think about design
> and implementation. You're better off using IPsec and
> {OTP, Kerberos logins, S/Key, ... } for secure login
> infrastructure in a UNIX environment. SSH code,
> especially OpenSSH, has been proven exploitable too
> much for most serious security analysts to keep using
> it for security-intense networks. By exploitable, I
> don't just mean injection and execution of malicious
> code, but, weaknesses in the base crypto. At least
> IPsec obfuscates the underlying authentication
> protocol and isn't targetable as a program.
> Don (north_)
> http://deadchildren.org/
>=20
> >
>=20
>=20
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.o=
rg"
--=20
William Fletcher=20
Epweb's clown.=20
http://www.vision.za.net/irc/ || IRC addict ultraviolet on irc.epweb.co.za=
=20
Uber FreeBSD! http://www.FreeBSD.org/
--cQXOx3fnlpmgJsTP
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)
iD8DBQE+vOT3ju3fq0dMPxsRAoJLAJ9KK8qAMc2Gr0hCKGG9VW+l22kRsACeOikL
O8c0vC7K+9CKtJaTXddv9mk=
=oHKy
-----END PGP SIGNATURE-----
--cQXOx3fnlpmgJsTP--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030510113935.GD92087>