Date: Thu, 8 Nov 2001 04:53:41 +0200 From: Giorgos Keramidas <charon@labs.gr> To: Anthony Atkielski <anthony@atkielski.com> Cc: Ben Eisenbraun <bene@klatsch.org>, questions@FreeBSD.ORG Subject: Re: Lockdown of FreeBSD machine directly on Net Message-ID: <20011108045340.A2965@hades.hell.gr> In-Reply-To: <012101c16391$3f31ca80$0a00000a@atkielski.com> References: <15330.23714.263323.466739@guru.mired.org> <00b501c1637b$1cd2f880$0a00000a@atkielski.com> <20011102095554.A38169@student.uu.se> <00d801c1637c$d3264640$0a00000a@atkielski.com> <20011102055416.B67495@klatsch.org> <012101c16391$3f31ca80$0a00000a@atkielski.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Nov 02, 2001 at 12:26:39PM +0100, Anthony Atkielski wrote: > > What is the risk of ssh? It doesn't even use a password, much less send one in > the clear. If you don't have a valid private key, you can't get in. I can see > why telnet would be a risk, with passwords moving in the clear, and the relative > ease of trying to guess passwords, but neither of these apply to ssh, as far as > I know. Think of the damage that someone can do, if they come with a floppy and steal the keypair that you use to SSH as root. If they steal a keypair that allows them to login as a normal user, well at least they can't wreak havoc. They'd still have to guess your root password to be able to do Bad Things(TM). To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011108045340.A2965>