Date: Sat, 23 Mar 2002 00:26:08 -0800 From: Benjamin Krueger <benjamin@macguire.net> To: Charles Burns <burnscharlesn@hotmail.com> Cc: shovey@buffnet.net, csfbsd@raggedclown.net, FreeBSD-questions@FreeBSD.ORG Subject: Re: So long and thanks for all the fish Message-ID: <20020323002608.B20699@rain.macguire.net> In-Reply-To: <F61GQUEYvZmDvHbYxPo0000a6bd@hotmail.com>; from burnscharlesn@hotmail.com on Sat, Mar 23, 2002 at 12:32:41AM -0700 References: <F61GQUEYvZmDvHbYxPo0000a6bd@hotmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
* Charles Burns (burnscharlesn@hotmail.com) [020322 23:30]: > >SSH has BIG security problems.. Ive been cracked ONCE - the week I ran SSH > >- an not since I pulled it out.. and i got slammed for sayin that too.. > > > >So the moral is - if it smells like a fish, it probably is. > > A play on words for OpenBSD's mascot? :-) > > Thinking about it, are there really any compelling reasons to use SSH for > most tasks (like command shells) when the likelyhood of being packet sniffed > is (in most environments) far lower than the likelyhood of a serious > security flaw popping up in SSH, which happens occasionally? Other than one > recent bug, Telnet has a better record and is likely to have less holes > found down the road because it is so much simpler (and FAR easier to setup > properly!) Ever read the telnet client's source? Nothing simple about that. Hell, there's an elementary buffer overflow in the code to grok user input. I haven't submitted a PR yet (bad ben), but while you mention it, if anyone has the telnet client set suid, please unset it. =) Telnet's history is long and fraught with holes, just like any software. The moral of the story is not to give up software because it has a hole, but to manage that software intelligently. For instance, if ssh has bugs to wrinkle out, use an ACL. An ssh daemon that can't be reach can't be exploited. -- Benjamin Krueger "Life is far too important a thing ever to talk seriously about." - Oscar Wilde (1854 - 1900) ---------------------------------------------------------------- Send mail w/ subject 'send public key' or query for (0x251A4B18) Fingerprint = A642 F299 C1C1 C828 F186 A851 CFF0 7711 251A 4B18 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020323002608.B20699>