From owner-freebsd-security  Thu Mar 28 13:36: 9 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mail.microbsd.net (ns1.microbsd.net [4.23.122.10])
	by hub.freebsd.org (Postfix) with ESMTP id 7D32D37B419
	for <security@freebsd.org>; Thu, 28 Mar 2002 13:35:57 -0800 (PST)
Received: from 127.0.0.1 (localhost.microbsd.net [127.0.0.1])
	by mail.microbsd.net (Postfix) with SMTP
	id D9A041F08; Thu, 28 Mar 2002 16:29:38 -0500 (EST)
Received: from vaio.microbsd.net (unknown [65.162.182.48])
	by mail.microbsd.net (Postfix) with ESMTP
	id 4634E1F05; Thu, 28 Mar 2002 16:29:38 -0500 (EST)
Subject: Re: SSH or Telnet?
From: kerberus <kerberus@microbsd.net>
To: Jesper Wallin <z3l3zt@phucking.kicks-ass.org>
Cc: security@freebsd.org
In-Reply-To:
	<2823.213.112.58.135.1017350976.squirrel@phucking.kicks-ass.org>
References: <2823.213.112.58.135.1017350976.squirrel@phucking.kicks-ass.org>
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
X-Mailer: Evolution/1.0.2-5mdk 
Date: 28 Mar 2002 16:34:58 -0500
Message-Id: <1017351299.4219.59.camel@vaio.microbsd.net>
Mime-Version: 1.0
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Do the term "clear text passwords" for telnet put fear into the thought
of using it ??? everything ssh does is encrypted, you cant sniff the
usernames/passwords in ssh

> I've heard and seen alot of security problems related to SSH (OpenSSH) and
> many of my friends have been playing with alot of 0day exploits for it..
> Right now I'm running the latest port version of it on a non-standard port
> and hope to be secured with it.. I don't accualy see the reason to not use
> Telnet.. All  I know tells me it's old and recommend me running OpenSSH
> instead..
> 
> What is the best solution? Ofcause peoples are able to attack me with
> brute-force attacks and it's not encrypted.. well, all the peoples who've
> shell/ssh access are trusted and I think they know what they do..
> 
> 
> Anyone have any idea/suggestion?
> 
> //Jesper aka Z3l3zT
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message