From owner-freebsd-security Thu Mar 28 15:48:27 2002 Delivered-To: freebsd-security@freebsd.org Received: from cactus.fi.uba.ar (cactus.fi.uba.ar [157.92.49.108]) by hub.freebsd.org (Postfix) with ESMTP id A099C37B425 for ; Thu, 28 Mar 2002 15:47:02 -0800 (PST) Received: from cactus.fi.uba.ar (cactus.fi.uba.ar [157.92.49.108]) by cactus.fi.uba.ar (8.11.6/8.11.6) with ESMTP id g2SNgeA15554; Thu, 28 Mar 2002 20:42:40 -0300 (ART) (envelope-from fgleiser@cactus.fi.uba.ar) Date: Thu, 28 Mar 2002 20:42:39 -0300 (ART) From: Fernando Gleiser To: Jesper Wallin Cc: Subject: Re: SSH or Telnet? In-Reply-To: <2823.213.112.58.135.1017350976.squirrel@phucking.kicks-ass.org> Message-ID: <20020328201100.E6672-100000@cactus.fi.uba.ar> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, 28 Mar 2002, Jesper Wallin wrote: > Hey! > > > I've heard and seen alot of security problems related to SSH (OpenSSH) and > many of my friends have been playing with alot of 0day exploits for it.. > Right now I'm running the latest port version of it on a non-standard port > and hope to be secured with it.. I don't accualy see the reason to not use > Telnet.. All I know tells me it's old and recommend me running OpenSSH > instead.. Telnet also had some remote root vulnerabities. Every program has bugs. You need to keep them up to date and apply all the security fixes. Also, having sshd runing in a non standard port doesn't buy you much. There are scanners which try to verify which service is which port and they will find out it's ssh even if it is listening in port 31337. =0) > > What is the best solution? Ofcause peoples are able to attack me with > brute-force attacks and it's not encrypted.. well, all the peoples who've > shell/ssh access are trusted and I think they know what they do.. The people may be trusted, but are you sure you can trust the networks they are loging in from? Besides sniffing, ssh protects you against other threats: 1. ssh has some protection against IP spoofing. 2. ssh has stronger authentication methods. 3. ssh protects you against session hijacking. 4. ssh lets you authenticate the server to the client. 5. ssh lets you tunnel an insecure protocol (POP, IMAP) through an encrypted connection You can use an SSL enabled telnet or IPSec for the first four, but I find ssh easier to set up if all you need is remote login/shell/file transfer. Fer > > > Anyone have any idea/suggestion? > > //Jesper aka Z3l3zT > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message