Date: Tue, 01 May 2001 20:36:41 -0400
From: Daniel Hagan <dhagan@colltech.com>
To: oldfart@gtonet.net
Cc: "security@FreeBSD.ORG" <security@FreeBSD.ORG>
Subject: Re: OpenSSH accepts any RSA key from host 127.0.0.1, even on non-default ports
Message-ID: <3AEF5699.9CE7939A@colltech.com>
References: <BIEHKEFNHFMMJEKCDMLNMEEICIAA.oldfart@gtonet.net>

Double encryption is only a big problem when done using the same cipher
system (as I recall).  I suspect using different ciphers, as the original
author indicated, would be fine.

As far as the original question:

Try setting StrictHostKeyChecking to 'yes' either in your configuration
file or on the command line (with -o ...).  You'll have to manually
update the known_hosts file when you change tunnels (or run ssh w/o the
SHKC directive).  I suspect you could manually change the IPs in the
known_hosts file to other 127.x.x.x ones as long as you remembered which
IP went to which tunnel.  See ssh(1) manpage for more info.

I haven't tested this, so YMMV.

Daniel

Charles Ulysses Farley wrote:
>
> It *may* be less secure to ssh through a ssh tunnel but it is sometimes
> necessary if the machine on the other end of the tunnel has telnet closed
> and only allows ssh.
>
> Charles
>
> > -----Original Message-----
> > From: owner-freebsd-security@FreeBSD.ORG
> > [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Mipam
> >
> > Some people think that using encryption to encrypt already encrypted data
> > is double secure. This is in general certainly not true.
> > Instead, sometimes it becomes only easier to crack it.
> > So I wouldn't advise using ssh in a ssh tunnel, to avoid possible
> > problems like that.
> > Bye,
> >
> > Mipam.

--
Consultant, Collective Technologies    http://www.collectivetech.com/
Use PGP for confidential e-mail.       http://www.pgp.com/products/freeware/
Key Id: 0xD44F15B1     3FA0 D899 4530 702F 72B0  5A17 C2A5 2C2B D22F 15B1
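
Added example, not part of the original message or of OpenSSH: a small audit of the bookkeeping the reply describes, where each tunnel gets its own 127.x.x.x entry in known_hosts so that StrictHostKeyChecking=yes can tell the tunnels apart. The tunnel names, addresses, ports and key blobs are constructed placeholders, and hashed or @-marked known_hosts entries are skipped.

```python
import ipaddress

# Constructed sample data: hosts, ports and key blobs are placeholders.
KNOWN_HOSTS = """\
# one loopback alias per tunnel
[127.0.0.2]:2201 ssh-rsa PLACEHOLDER-KEY-A
[127.0.0.3]:2202 ssh-rsa PLACEHOLDER-KEY-B
127.0.0.1 ssh-rsa PLACEHOLDER-KEY-A
127.0.0.1 ssh-rsa PLACEHOLDER-KEY-C
"""
TUNNELS = {"hostA": ("127.0.0.2", 2201), "hostB": ("127.0.0.3", 2202),
           "hostC": ("127.0.0.4", 2203)}

def parse_known_hosts(text):
    """Return {(host, port): {(keytype, key), ...}} for plain entries."""
    pins = {}
    for line in text.splitlines():
        fields = line.split()
        # Skip blanks, comments, hashed names (|1|...) and @markers.
        if len(fields) < 3 or fields[0][0] in "#|@":
            continue
        for name in fields[0].split(","):
            host, port = name, 22
            if name.startswith("[") and "]:" in name:   # [host]:port form
                host, port = name[1:].rsplit("]:", 1)
            pins.setdefault((host, int(port)), set()).add((fields[1], fields[2]))
    return pins

def is_loopback(host):
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

def audit(text, tunnels):
    pins = parse_known_hosts(text)
    by_endpoint = {}
    for name, endpoint in tunnels.items():
        by_endpoint.setdefault(endpoint, []).append(name)
    return {
        # No pinned key: with StrictHostKeyChecking=yes ssh refuses to connect.
        "unpinned": sorted(n for n, ep in tunnels.items() if ep not in pins),
        # Several keys of one type on a loopback name: any of them is accepted.
        "ambiguous": sorted(ep for ep, keys in pins.items() if is_loopback(ep[0])
                            and len({t for t, _ in keys}) < len(keys)),
        # Two tunnels on one address:port cannot be told apart by known_hosts.
        "shared_endpoint": sorted(sorted(v) for v in by_endpoint.values() if len(v) > 1),
    }
```

On the constructed sample, audit(KNOWN_HOSTS, TUNNELS) reports hostC as unpinned and 127.0.0.1 port 22 as ambiguous, because two different RSA keys are filed under the same loopback name.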