Date: Fri, 6 Apr 2001 03:43:57 -0700 From: "Ted Mittelstaedt" <tedm@toybox.placo.com> To: "Jan Grant" <Jan.Grant@bristol.ac.uk> Cc: "freebsd-questions" <freebsd-questions@FreeBSD.ORG> Subject: RE: SSHD Problems... Message-ID: <002601c0be86$7bd7a8c0$1401a8c0@tedm.placo.com> In-Reply-To: <Pine.GSO.4.31.0104061115110.14755-100000@mail.ilrt.bris.ac.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
>-----Original Message----- >From: owner-freebsd-questions@FreeBSD.ORG >[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Jan Grant >Sent: Friday, April 06, 2001 3:21 AM >To: Ted Mittelstaedt >Cc: freebsd-questions >Subject: RE: SSHD Problems... > > >On Fri, 6 Apr 2001, Ted Mittelstaedt wrote: > >> Also, I think even the security people will tell you that the practice of >> passing the key during the _first_ initial connection via ssh basically >> destroys the entire integrity of the ssh transaction - key passing is >> supposed to be out-of-band, not in-band. > >You're referring to "remote server's key fingerprint is BLAH; accept?" > >Of course, all your users will refer to the printout they have of the >signed email the sysadmin sent around giving the ner servers' >fingerprints. > This works great in networks where ssh has the least value - internal corporate nets where the sysadmin has got to the user's workstations to set up the secure mail to begin with. :-) It don't work so good for public access servers that ISP's field and the users are sshing into it for the first time, and it doesen't work well in academic nets where ssh is the most valuable and the users are really green. >Maybe you can't trust users to do this; but you ought to be able to >trust a sysadmin to preinstall appropriate host keys or make the >fingerprints available through other channels. > >It is, of course, true that if you don't understand ssh you can continue >to use it blithely unaware of security problems that may have arisen. >And people _do_ do that :-( - generally, though, MITM attacks against >ssh require some concerted effort. If you consider that such a threat In a modern corporate net with subnets separated by routers and a lot of layer-2 switching, sniffer attacks require a fair bit of effort to mount also. Sniffer attacks on switches in particular can cause a lot of degredation and throw flags up all over the place, and these are what ssh is mainly intended to protect against. sniffing on the Internet, of course, is the most far-fetched and difficult to accomplish of all. >exists and is relevant in your situation, then you need to weigh it >against the cost of user training* to get them to use the tools >properly. > or against the cost of replacing rotten old flat hubs with modern managed switches and monitoring them, in which case you may be able to exercise enough control over the network to find that you don't need ssh to begin with. >jan > >* And sysadmin training, too. > Ah, but I thought they didn't allow us to discriminate against the ignorant any more. :-) After all, isn't that why business owners mandate NT - because it's so easy that you don't need a high-priced and trained admin to run your network? At least that's what MS's marketing department tells me. ;-) Ted Mittelstaedt tedm@toybox.placo.com Author of: The FreeBSD Corporate Networker's Guide Book website: http://www.freebsd-corp-net-guide.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?002601c0be86$7bd7a8c0$1401a8c0>