Date:      Sat, 10 May 2003 07:29:31 -0500
From:      northern snowfall <dbailey27@ameritech.net>
To:        questions@freebsd.org
Subject:   [Fwd: Re: Why is port 22 open by default?]
Message-ID:  <3EBCF0AB.4080504@ameritech.net>

>
>
>Sounds like SSH is secure enough for me. Or is a 19 character password too 
>short? :-)
>
SSH is not secure. Forget paranoia, think about design
and implementation. You're better off using IPsec and
{OTP, Kerberos logins, S/Key, ... } for secure login
infrastructure in a UNIX environment. SSH code,
especially OpenSSH, has been proven exploitable too
much for most serious security analysts to keep using
it for security-intense networks. By exploitable, I
don't just mean injection and execution of malicious
code, but weaknesses in the base crypto. At least
IPsec obfuscates the underlying authentication
protocol and isn't targetable as a program.
Don (north_)
http://deadchildren.org/

>



