Date: Mon, 15 Oct 2001 07:56:26 +1000
From: Edwin Groothuis <edwin@mavetju.org>
To: Marco Radzinschi <marco@radzinschi.com>
Cc: FreeBDS-Questions <freebsd-questions@freebsd.org>
Subject: Re: How safe is SSH?
Message-ID: <20011015075626.P2865@k7.mavetju.org>
In-Reply-To: <20011014031023.J44696-100000@mail.radzinschi.com>; from marco@radzinschi.com on Sun, Oct 14, 2001 at 03:14:31AM -0400
References: <20011014031023.J44696-100000@mail.radzinschi.com>

On Sun, Oct 14, 2001 at 03:14:31AM -0400, Marco Radzinschi wrote:
> I have my firewall blocking port 23 (telnet), but allowing port 22
> (SSH) to go through. Now, this causes _SOME_ inconvenience when connecting
> from crappy windows machines without a SSH client on them.
>
> My question, then, is how strong is SSH?
> Is it worth the extra trouble to not allow telnet?

It supports/gives you:
- an encrypted TCP session
- authentication of the remote host
- authentication of the user based on public/private key
- support for remote shell, remote copy and remote command

So yes, the additional features are worth the trouble of installing
SSH in favour of telnet/rsh/rexec/rcmd. But it requires some education
(and change) of the users.

A couple of months ago somebody said "SSH is insecure" and showed
it with a man-in-the-middle attack. At that moment, he 'assumed'
that if people get the message "the identification of the remote
host has changed, the new identification is ..." they automatically
say "is good, I accept the new identification". This is not a problem
with the SSH protocol, this is a problem with the user who blindly
clicks on yes in any dialog box he gets.

Edwin

--
Edwin Groothuis   | Personal website: http://www.MavEtJu.org
edwin@mavetju.org | Interested in MUDs? Visit Fatal Dimensions:
------------------+ http://www.FatalDimensions.org/
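
The host-key check that the message above says users click through, as an added example that is not part of the original e-mail: it compares the key a server offers against a pinned known_hosts entry and reports "changed" instead of accepting it. Assumptions: plain (unhashed) known_hosts lines, the SHA256 fingerprint form printed by current OpenSSH, and constructed host names and key blobs that are not real keys.

```python
import base64, hashlib, struct

def wire_string(data: bytes) -> bytes:
    """SSH wire encoding of a string: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def make_key_line(host: str, raw_key: bytes) -> str:
    """Build a known_hosts-style line around a constructed ssh-ed25519 blob."""
    blob = wire_string(b"ssh-ed25519") + wire_string(raw_key)
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"

def fingerprint(b64_blob: str) -> str:
    """SHA256 fingerprint: unpadded base64 of the digest of the key blob."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def check_host_key(known_hosts: str, host: str, keytype: str, b64_blob: str) -> str:
    """Return 'match', 'unknown' (no pin for host and key type) or 'changed'."""
    verdict = "unknown"
    for line in known_hosts.splitlines():
        fields = line.split()
        if len(fields) < 3 or line.startswith(("#", "@")):
            continue  # skip blank lines, comments and marker lines
        hosts, pinned_type, pinned_blob = fields[:3]
        if host not in hosts.split(",") or pinned_type != keytype:
            continue
        if pinned_blob == b64_blob:
            return "match"
        verdict = "changed"  # a pin exists but the offered key differs
    return verdict

# Constructed sample data (hypothetical host, blobs are not real keys).
HOST = "shell.example.org"
PINNED = make_key_line(HOST, bytes(range(32)))
KNOWN_HOSTS = "# constructed known_hosts\n" + PINNED + "\n"
GOOD_BLOB = PINNED.split()[2]
ROGUE_BLOB = make_key_line(HOST, bytes(range(1, 33))).split()[2]

if __name__ == "__main__":
    for label, blob in (("pinned key", GOOD_BLOB), ("different key", ROGUE_BLOB)):
        verdict = check_host_key(KNOWN_HOSTS, HOST, "ssh-ed25519", blob)
        print(f"{label}: {verdict} {fingerprint(blob)}")
        if verdict == "changed":
            # The safe reaction is to stop and verify the fingerprint
            # with the server's administrator over another channel.
            print("  refusing to connect until the fingerprint is verified")
```

A "changed" verdict is the situation the quoted warning describes; the printed fingerprint is what would be compared out of band before the pin is replaced.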