Date: Sat, 23 Dec 2000 02:05:46 -0800 (PST) From: opentrax@email.com To: behanna@zbzoom.net Cc: hackers@FreeBSD.ORG Subject: Re: ssh - are you nuts?!? Message-ID: <200012231005.CAA21445@spammie.svbug.com> In-Reply-To: <Pine.BSF.4.21.0012221936391.10813-100000@topperwein.dyndns.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 22 Dec, Chris BeHanna wrote: > On Sat, 23 Dec 2000, David Preece wrote: > >> At 15:37 22/12/00 -0800, you wrote: >> >> >The question asked is: why you believe ssh is beter than say >> >telnet. Or what advantages SSH has in general. >> >> Sorry, don't have time to reply to this properly. >> >> The main evil of ssh is that server authentication is not enforced, >> making mounting a man-in-the-middle attack basically trivial. > > Man-in-the-middle or not, the fact that your data aren't > transmitted in the clear automatically gives ssh a leg up over telnet, > rsh, rlogin, and ftp. (At least one large company I know of has > stated flatly, for example, that sending a root password over the wire > in the clear is grounds for immediate termination.) > Is it possible to get the name of that company? > You can certainly > do your own server authentication, by carrying your known hosts file > around on a floppy. ssh *does* warn you when you connect to a host > that isn't present in your known hosts file--this isn't happening > without your knowledge *and* consent. > Some people have stated that the "first contact" scenario is difficult to over come. How do you feel about that? > ssh may have its weaknesses, but telnet has little use other than > as a diagnostic tool, IMHO (I only use it to send protocol commands to > popd or sendmail these days). I'd *hardly* characterize ssh as "evil". > I don't beleive I've ever said SSH is evil. It seems to be a common interpetation of the statement I made. I see that I'll have to make note of that in my talk. Are there any other points you feel might be either a "plus" or "minus" in behalf of ssh? Jessem. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200012231005.CAA21445>