Date: Tue, 10 Oct 2000 19:16:40 +0000 (GMT)
From: Terry Lambert <tlambert@primenet.com>
To: dcs@newsguy.com (Daniel C. Sobral)
Cc: dillon@earth.backplane.com (Matt Dillon), phk@critter.freebsd.dk (Poul-Henning Kamp), rwatson@FreeBSD.ORG (Robert Watson), kris@citusc.usc.edu (Kris Kennaway), tlambert@primenet.com (Terry Lambert), arch@FreeBSD.ORG, imp@village.org (Warner Losh), jruigrok@via-net-works.nl (Jeroen Ruigrok van der Werven)
Subject: Re: cvs commit: src/etc inetd.conf
Message-ID: <200010101916.MAA15501@usr09.primenet.com>
In-Reply-To: <39E35015.1F7C97B8@newsguy.com> from "Daniel C. Sobral" at Oct 11, 2000 02:21:25 AM

> Buy? Free ssh for windows abound. There's even at least one scp, though
> the one I have in mind does not support RSA keys, which is not the
> default for our sshd anyway. Since people have been naming names, here
> is one more: TeraTerm Pro with SSH enhancement. Supports RSA, TIS,
> forwarding, X servers, and up to vt320 and vt382, including <gasp>
> colors. Free.

A VT382 is a DECWindows terminal; its primary claim to fame is that it supports ISC (Input Sequence Check) mode, which permits it to support Pacific Rim input methods. Being an X Display, it still needs a client program. 8-p.

A VT320 is the upgraded version of the VT220; its primary claim to fame over its predecessor is 9 bit instead of 8 bit with implied 9th bit duplication in its sixel graphics, and support for ReGIS graphics and session switch, when using DEC supplied terminal servers, like the DECServer 200. It's monochrome. Oh yeah, it's also slower than the VT220, since it uses a ROM cartridge for its state machine.

You probably mean "VT340 emulation", if it supported "<gasp> colors".

Not to be pedantic, or anything, mind you... having done my first VTxxx emulator in the early 80s, when these things first became available, I have a warm place in my heart for these things. Anyone want to know why a VT102P is different from a VT100, or why a VT640 was also called a "Retrographics" terminal? 8-) 8-).

> > Setting up ssh on a rackmount FreeBSD box is trivial. It's actually
> > easier to do than setting up telnet. For example, in order to get
> > initial access to the box from the console one can simply download and
> > run a simple script which pulls the public key to be used for root's
> > authorized_keys file into ~root/.ssh/authorized_keys. Bang, you now
> > have secure access to the machine. This is a whole lot better than
>
> Since we have some nice daily/weekly/monthly scripts, can we add this
> function to them, with any likely knobs and turned off by default?

Actually, this is a bad idea, since there is no non-repudiation; that means that you are subject to man-in-the-middle and session replay attacks, just like when you first set up NT, and manually enter the domain controller password the first time... actually, it's worse, since an attacker could respond as the server from which you are getting the original authorized_keys file.

Before someone says "put it on a floppy", the most likely multiple rack install method would be to do it via netboot, not CDROM or floppy, since that's another 36GB of disk space we can put in that otherwise bootable device slot.

Frankly, if your environment is that hostile, you should probably consider hosting your boxes some place other than script-kiddie heaven, even if they do offer you $30/month off your colocation charges in exchange for you tolerating them trying to crack your machines.

At the very least, you should consider a headful install; at least then, like NT, there's no initial man-in-the-middle possible between the person doing the install and the keyboard jack.

Terry Lambert
terry@lambert.org
---
Any opinions in this posting are my own and not those of my present or previous employers.
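
Added example, not part of the original message or of any FreeBSD script: one way to close the gap the message describes when a root authorized_keys file is pulled over the network is to install it only if its SHA-256 matches a digest supplied out of band, for instance typed at the console by the person doing the install. The function names `file_sha256` and `install_pinned_keys` and the destination layout are hypothetical.

```shell
#!/bin/sh
# Added example: names and paths here are hypothetical, not from the thread.

# Print the lowercase hex SHA-256 of a file with whichever tool is present.
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    elif command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"                      # FreeBSD base system
    else
        openssl dgst -sha256 -r "$1" | cut -d' ' -f1
    fi
}

# install_pinned_keys FETCHED_FILE EXPECTED_SHA256 DEST_DIR
# Returns 0 when installed, 1 on digest mismatch, 2 on bad input.
install_pinned_keys() {
    fetched=$1; expected=$2; dest_dir=$3
    [ -f "$fetched" ] && [ -n "$dest_dir" ] || return 2

    # The pinned digest must be exactly 64 hex digits (case-insensitive).
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    case $expected in *[!0-9a-f]*) return 2 ;; esac
    [ "${#expected}" -eq 64 ] || return 2

    mkdir -p "$dest_dir" && chmod 700 "$dest_dir" || return 2
    tmp=$(mktemp "$dest_dir/authorized_keys.XXXXXX") || return 2   # mode 0600

    # Hash the private copy, so the bytes checked are the bytes installed,
    # then rename into place so a partial or unverified file is never live.
    if cat "$fetched" >"$tmp" && [ "$(file_sha256 "$tmp")" = "$expected" ]; then
        mv "$tmp" "$dest_dir/authorized_keys"
    else
        rm -f "$tmp"
        echo "digest mismatch: refusing to install $fetched" >&2
        return 1
    fi
}
```

The check is only as trustworthy as the channel that delivered the expected digest; a digest fetched from the same server as the key file adds nothing.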