Date: Fri, 22 Dec 2000 23:28:07 -0800 From: Kris Kennaway <kris@FreeBSD.ORG> To: David Preece <davep@afterswish.com> Cc: opentrax@email.com, freebsd-hackers@FreeBSD.ORG Subject: Re: ssh - are you nuts?!? Message-ID: <20001222232807.A8092@citusc.usc.edu> In-Reply-To: <5.0.0.25.1.20001223132307.01b00b70@pop3.i4free.co.nz>; from davep@afterswish.com on Sat, Dec 23, 2000 at 01:25:11PM %2B1300 References: <200012222337.PAA20885@spammie.svbug.com> <5.0.0.25.1.20001223132307.01b00b70@pop3.i4free.co.nz>
next in thread | previous in thread | raw e-mail | index | archive | help
--9jxsPFA5p3P2qPhR Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Dec 23, 2000 at 01:25:11PM +1300, David Preece wrote: > At 15:37 22/12/00 -0800, you wrote: >=20 > >The question asked is: why you believe ssh is beter > >than say telnet. Or what advantages SSH has in general. >=20 > Sorry, don't have time to reply to this properly. >=20 > The main evil of ssh is that server authentication is not enforced, makin= g=20 > mounting a man-in-the-middle attack basically trivial. Incorrect..the problems with SSH come down to flaws in the human operator who ignore the warnings SSH gives them, and tell it explicitly to do insecure things like connect to a server which is suddenly not the one you're used to connecting to. These flaws can be all but eliminated by telling SSH to not even give the poor weak confused human the choice of answering yes to the question, by setting of a simple configuration option. JMJr, a good place to start your talk on "The Evils of SSH" might be the Pavlovian conditioning of humans to answer "Yes" to every question a computer gives them..focus on the real problem here. Kris --9jxsPFA5p3P2qPhR Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6RFQHWry0BWjoQKURAiyeAJ48Zyz/CY1QfBw7yxqPi5C2mSstJQCZAY/O sZBEeUq7F7HXq7JToUWMaRk= =aWwR -----END PGP SIGNATURE----- --9jxsPFA5p3P2qPhR-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001222232807.A8092>