From owner-freebsd-questions@FreeBSD.ORG Sat May 10 04:39:18 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9D4E337B401 for ; Sat, 10 May 2003 04:39:18 -0700 (PDT) Received: from tulip.epweb.co.za (tulip.epweb.co.za [196.14.166.22]) by mx1.FreeBSD.org (Postfix) with ESMTP id A77B943FDD for ; Sat, 10 May 2003 04:39:13 -0700 (PDT) (envelope-from ultraviolet@tulip.epweb.co.za) Received: from tulip.epweb.co.za (localhost.epweb.co.za [127.0.0.1]) by tulip.epweb.co.za (8.12.9/8.12.9) with ESMTP id h4ABdftf025938; Sat, 10 May 2003 13:39:41 +0200 (SAST) (envelope-from ultraviolet@tulip.epweb.co.za) Received: (from ultraviolet@localhost) by tulip.epweb.co.za (8.12.9/8.12.9/Submit) id h4ABda4J025937; Sat, 10 May 2003 13:39:36 +0200 (SAST) Date: Sat, 10 May 2003 13:39:36 +0200 From: William Fletcher To: northern snowfall Message-ID: <20030510113935.GD92087@tulip.epweb.co.za> References: <3EBCF0AB.4080504@ameritech.net> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="cQXOx3fnlpmgJsTP" Content-Disposition: inline In-Reply-To: <3EBCF0AB.4080504@ameritech.net> User-Agent: Mutt/1.4i cc: freebsd-questions@freebsd.org Subject: Re: [Fwd: Re: Why is port 22 open by default?] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: ultraviolet@epweb.co.za List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 10 May 2003 11:39:19 -0000 --cQXOx3fnlpmgJsTP Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi, OpenSSH has had issues with trivial things from what I've seen. Although, the trojaning incident and OpenBSD's servers running solaris was a good laugh. Rather just firewall everything else on the network out of it. Thats what I do, that way I can still scp and I just keep it up to date. And if you aren't using IPSec already, you are asking for it ;) Besides, when was the last bug in OpenSSH? :) On Sat, May 10, 2003 at 07:29:31AM -0500, northern snowfall wrote: > > > > > >Sounds like SSH is secure enough for me. Or is a 19 character password t= oo=20 > >short? :-) > > > SSH is not secure. Forget paranoia, think about design > and implementation. You're better off using IPsec and > {OTP, Kerberos logins, S/Key, ... } for secure login > infrastructure in a UNIX environment. SSH code, > especially OpenSSH, has been proven exploitable too > much for most serious security analysts to keep using > it for security-intense networks. By exploitable, I > don't just mean injection and execution of malicious > code, but, weaknesses in the base crypto. At least > IPsec obfuscates the underlying authentication > protocol and isn't targetable as a program. > Don (north_) > http://deadchildren.org/ >=20 > > >=20 >=20 > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.o= rg" --=20 William Fletcher=20 Epweb's clown.=20 http://www.vision.za.net/irc/ || IRC addict ultraviolet on irc.epweb.co.za= =20 Uber FreeBSD! http://www.FreeBSD.org/ --cQXOx3fnlpmgJsTP Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQE+vOT3ju3fq0dMPxsRAoJLAJ9KK8qAMc2Gr0hCKGG9VW+l22kRsACeOikL O8c0vC7K+9CKtJaTXddv9mk= =oHKy -----END PGP SIGNATURE----- --cQXOx3fnlpmgJsTP--