Date: Thu, 28 Mar 2002 15:45:51 -0600 From: Christopher Schulte <schulte+freebsd@nospam.schulte.org> To: "Jesper Wallin" <z3l3zt@phucking.kicks-ass.org>, <security@freebsd.org> Subject: Re: SSH or Telnet? Message-ID: <5.1.0.14.0.20020328153833.04cd4438@pop3s.schulte.org> In-Reply-To: <2823.213.112.58.135.1017350976.squirrel@phucking.kicks-ass .org>
next in thread | previous in thread | raw e-mail | index | archive | help
At 10:29 PM 3/28/2002 +0100, Jesper Wallin wrote: >Hey! > > >I've heard and seen alot of security problems related to SSH (OpenSSH) and >many of my friends have been playing with alot of 0day exploits for it.. >Right now I'm running the latest port version of it on a non-standard port >and hope to be secured with it.. I don't accualy see the reason to not use >Telnet.. All I know tells me it's old and recommend me running OpenSSH >instead.. Like any piece of software attached to a public network port, there are risks of bugs being discovered that can lead to problems. SSHD is not the only network service to have problems. There have been semi-recent telnetd problems, too. Switching to telnet would not make your systems any more secure. In fact the loss of encryption would only decrease security/privacy. Running the service on a non standard port may fool some kid-scannerz, but you cannot rely on this for any added security. >What is the best solution? Ofcause peoples are able to attack me with >brute-force attacks and it's not encrypted.. well, all the peoples who've >shell/ssh access are trusted and I think they know what they do.. Your users may be trusted, but someone who snoops username/password pairs in transit might not be. >Anyone have any idea/suggestion? A few to start: use SSH wherever possible, packet filter the port to trusted hosts if you're overly paranoid and this is workable with your users, watch the security lists for new vulnerabilities, apply critical patches promptly, have an IDS, keep backups. >//Jesper aka Z3l3zT -- Christopher Schulte http://www.schulte.org/ Do not un-munge my @nospam.schulte.org email address. This address is valid. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5.1.0.14.0.20020328153833.04cd4438>