From owner-freebsd-security  Fri Jun 22  5:38:56 2001
Delivered-To: freebsd-security@freebsd.org
Received: from gw.nectar.com (gw.nectar.com [208.42.49.153])
	by hub.freebsd.org (Postfix) with ESMTP id 3A94237B403
	for <freebsd-security@FreeBSD.ORG>; Fri, 22 Jun 2001 05:38:53 -0700 (PDT)
	(envelope-from nectar@nectar.com)
Received: by gw.nectar.com (Postfix, from userid 1001)
	id 93F40AF21D; Fri, 22 Jun 2001 07:38:52 -0500 (CDT)
Date: Fri, 22 Jun 2001 07:38:52 -0500
From: "Jacques A. Vidrine" <n@nectar.com>
To: Sheldon Hearn <sheldonh@starjuice.net>
Cc: Stanley Hopcroft <Stanley.Hopcroft@IPAustralia.gov.au>,
	freebsd-security@FreeBSD.ORG
Subject: Re: SSH and/or Kerberos experience
Message-ID: <20010622073852.A8633@hellblazer.nectar.com>
Mail-Followup-To: "Jacques A. Vidrine" <n@nectar.com>,
	Sheldon Hearn <sheldonh@starjuice.net>,
	Stanley Hopcroft <Stanley.Hopcroft@IPAustralia.gov.au>,
	freebsd-security@FreeBSD.ORG
References: <20010622100034.B788@IPAustralia.Gov.AU> <2323.993202300@axl.seasidesoftware.co.za>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <2323.993202300@axl.seasidesoftware.co.za>; from sheldonh@starjuice.net on Fri, Jun 22, 2001 at 11:31:40AM +0200
X-Url: http://www.nectar.com/
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Fri, Jun 22, 2001 at 11:31:40AM +0200, Sheldon Hearn wrote:
> Use both, in other words, Kerberized SSH.  Kerberos scores you
> ticket-based authentication, while SSH scores you an encrypted session.

Of course,  Kerberized applications  (e.g. TELNET) typically  also use
encryption of the  data stream.  Currently SSH  offers more algorithms
for this, though.

Personally  I  use all  three  of  Kerberized  SSH, TELNET,  and  FTP,
depending upon what I want to  accomplish.  I find SSH very convenient
as an rsh/rcp replacement; I prefer TELNET's terminal handling; I find
FTP best for large transfers and remote file management.

Cheers,
-- 
Jacques Vidrine / n@nectar.com / jvidrine@verio.net / nectar@FreeBSD.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message