Date: Thu, 8 Nov 2001 04:53:41 +0200
From: Giorgos Keramidas
To: Anthony Atkielski
Cc: Ben Eisenbraun, questions@FreeBSD.ORG
Subject: Re: Lockdown of FreeBSD machine directly on Net
Message-ID: <20011108045340.A2965@hades.hell.gr>

On Fri, Nov 02, 2001 at 12:26:39PM +0100, Anthony Atkielski wrote:
>
> What is the risk of ssh? It doesn't even use a password, much less send one in
> the clear. If you don't have a valid private key, you can't get in. I can see
> why telnet would be a risk, with passwords moving in the clear, and the relative
> ease of trying to guess passwords, but neither of these apply to ssh, as far as
> I know.

Think of the damage that someone can do, if they come with a floppy and
steal the keypair that you use to SSH as root.
If they steal a keypair that allows them to login as a normal user, well at least they can't wreak havoc. They'd still have to guess your root password to be able to do Bad Things(TM).