From owner-freebsd-security  Tue May  1 14:10:28 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mls.gtonet.net (mls.gtonet.net [216.112.90.195])
	by hub.freebsd.org (Postfix) with ESMTP id 106B737B422
	for <security@FreeBSD.ORG>; Tue,  1 May 2001 14:10:22 -0700 (PDT)
	(envelope-from oldfart@gtonet.net)
Received: from pld (pld.gtonet.net [216.112.90.200])
	by mls.gtonet.net (8.11.3/8.11.3) with SMTP id f41LAMS65166
	for <security@FreeBSD.ORG>; Tue, 1 May 2001 14:10:22 -0700 (PDT)
	(envelope-from oldfart@gtonet.net)
Reply-To: <oldfart@gtonet.net>
From: "Charles Ulysses Farley" <oldfart@gtonet.net>
To: "security@FreeBSD. ORG" <security@FreeBSD.ORG>
Subject: RE: OpenSSH accepts any RSA key from host 127.0.0.1, even on non-default ports
Date: Tue, 1 May 2001 14:10:21 -0700
Message-ID: <BIEHKEFNHFMMJEKCDMLNMEEICIAA.oldfart@gtonet.net>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
In-Reply-To: <20010501162354.A282@bootp-20-219.bootp.virginia.edu>
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

It *may* be less secure to ssh through a ssh tunnel but it is sometimes
necessary if the machine on the other end of the tunnel has telnet closed
and only allows ssh.

Charles

> -----Original Message-----
> From: owner-freebsd-security@FreeBSD.ORG
> [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Mipam
> Sent: Tuesday, May 01, 2001 1:24 PM
> To: Alex Popa
> Cc: security@FreeBSD.ORG
> Subject: Re: OpenSSH accepts any RSA key from host 127.0.0.1, even on
> non-default ports
>
>
> On Tue, May 01, 2001 at 11:16:16PM +0300, Alex Popa wrote:
> > The reason why this bothers me is that I sometimes use ssh to tunnel ssh
> > connections (blowfish encryption in a 3DES tunnel, anyone?)
>
> Some ppl think that using encryption to encrypt allrdy encrypted data
> is dubble secure. This is in general certainly not true.
> Instead, sometimes it becomes only easier to crack it.
> So i wouldnt advice to use ssh in a ssh tunnel to aviod possible
> problems like that.
> Bye,
>
> Mipam.
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message