Date: Tue, 1 May 2001 14:10:21 -0700 From: "Charles Ulysses Farley" <oldfart@gtonet.net> To: "security@FreeBSD. ORG" <security@FreeBSD.ORG> Subject: RE: OpenSSH accepts any RSA key from host 127.0.0.1, even on non-default ports Message-ID: <BIEHKEFNHFMMJEKCDMLNMEEICIAA.oldfart@gtonet.net> In-Reply-To: <20010501162354.A282@bootp-20-219.bootp.virginia.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
It *may* be less secure to ssh through a ssh tunnel but it is sometimes necessary if the machine on the other end of the tunnel has telnet closed and only allows ssh. Charles > -----Original Message----- > From: owner-freebsd-security@FreeBSD.ORG > [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Mipam > Sent: Tuesday, May 01, 2001 1:24 PM > To: Alex Popa > Cc: security@FreeBSD.ORG > Subject: Re: OpenSSH accepts any RSA key from host 127.0.0.1, even on > non-default ports > > > On Tue, May 01, 2001 at 11:16:16PM +0300, Alex Popa wrote: > > The reason why this bothers me is that I sometimes use ssh to tunnel ssh > > connections (blowfish encryption in a 3DES tunnel, anyone?) > > Some ppl think that using encryption to encrypt allrdy encrypted data > is dubble secure. This is in general certainly not true. > Instead, sometimes it becomes only easier to crack it. > So i wouldnt advice to use ssh in a ssh tunnel to aviod possible > problems like that. > Bye, > > Mipam. > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?BIEHKEFNHFMMJEKCDMLNMEEICIAA.oldfart>