From owner-freebsd-security  Tue Jun 27 16:23:55 2000
Delivered-To: freebsd-security@freebsd.org
Received: from testbed.baileylink.net (testbed.baileylink.net [63.71.213.24])
	by hub.freebsd.org (Postfix) with ESMTP id 1448A37C42B
	for <freebsd-security@FreeBSD.ORG>; Tue, 27 Jun 2000 16:23:46 -0700 (PDT)
	(envelope-from brad@testbed.baileylink.net)
Received: (from brad@localhost)
	by testbed.baileylink.net (8.9.3/8.9.3) id SAA46304
	for freebsd-security@FreeBSD.ORG; Tue, 27 Jun 2000 18:24:14 -0500 (CDT)
	(envelope-from brad)
Date: Tue, 27 Jun 2000 18:24:13 -0500
From: Brad Guillory <round@baileylink.net>
To: freebsd-security@FreeBSD.ORG
Subject: Re: Re[2]: ssh server for WinNT
Message-ID: <20000627182413.E21071@baileylink.net>
Mail-Followup-To: freebsd-security@FreeBSD.ORG
References: <846988849.20000627165800@buz.ch> <Pine.BSF.4.10.10006271026190.52036-100000@bsdie.rwsystems.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2i
In-Reply-To: <Pine.BSF.4.10.10006271026190.52036-100000@bsdie.rwsystems.net>; from jwyatt@rwsystems.net on Tue, Jun 27, 2000 at 10:34:34AM -0500
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

VNC passwords are encrypted but the data is not.  This means that
if you enter a password after the session is setup (i.e. to log into
the NT box) your password is snoopable.

BMG

On Tue, Jun 27, 2000 at 10:34:34AM -0500, James Wyatt wrote:
> A lot of useful things can be done with CLI on NT, especially when your
> scripting is in Perl...
> 
> Couldn't you also use SSH to tunnel the VNC traffic, protecting it from
> snooping and providing multiple passwords for multiple users? I thought
> VNC passwords were sent clear and not rate-limited to prevent cracking.
> 
> Just my 2 bits - Jy@
> 
> On Tue, 27 Jun 2000, Gabriel Ambuehl wrote:
> 	[ ... ]
> > Tuesday, June 27, 2000, 4:39:29 PM, you wrote:
> > > Since when is putty a ssh server?  I coulda sworn it was a telnet/ssh1/etc
> > > client... but then again i have been wrong before :P
> > 
> > You're right. It IS just a client. I'm just doubting how much sense a
> > ssh server for NT would make. Ok, you can control many of the network
> > stuff from CLI but beside that, you'd still have the need for a
> > solution such as VNC or PcAnywhere to control the settings only
> > avaiable by the GUI (one could argue that's possible to control the
> > system by hacking the registry which should be doable from CLI but who
> > would be so masochistic? ;-).
> 	[ ... ]
> 
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

-- 
    __O    |     Information wants to be free!     |     __O    Bike
  _-\<,_   |  FreeBSD:The Power to Serve (easily)  |   _-\<,_    to
 (_)/ (_)  | OpenBSD:The Power to Serve (securely) |  (_)/ (_)  Work


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message