From owner-freebsd-questions Sat Mar 23 0:29:40 2002 Delivered-To: freebsd-questions@freebsd.org Received: from rain.macguire.net (sense-sea-MegaSub-1-125.oz.net [216.39.144.125]) by hub.freebsd.org (Postfix) with ESMTP id E259C37B404 for ; Sat, 23 Mar 2002 00:29:36 -0800 (PST) Received: (from roo@localhost) by rain.macguire.net (8.11.6/8.11.6) id g2N8Q8e31110; Sat, 23 Mar 2002 00:26:08 -0800 (PST) (envelope-from roo) Date: Sat, 23 Mar 2002 00:26:08 -0800 From: Benjamin Krueger To: Charles Burns Cc: shovey@buffnet.net, csfbsd@raggedclown.net, FreeBSD-questions@FreeBSD.ORG Subject: Re: So long and thanks for all the fish Message-ID: <20020323002608.B20699@rain.macguire.net> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from burnscharlesn@hotmail.com on Sat, Mar 23, 2002 at 12:32:41AM -0700 X-PGP-Key: http://www.macguire.net/benjamin/public_key.asc Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG * Charles Burns (burnscharlesn@hotmail.com) [020322 23:30]: > >SSH has BIG security problems.. Ive been cracked ONCE - the week I ran SSH > >- an not since I pulled it out.. and i got slammed for sayin that too.. > > > >So the moral is - if it smells like a fish, it probably is. > > A play on words for OpenBSD's mascot? :-) > > Thinking about it, are there really any compelling reasons to use SSH for > most tasks (like command shells) when the likelyhood of being packet sniffed > is (in most environments) far lower than the likelyhood of a serious > security flaw popping up in SSH, which happens occasionally? Other than one > recent bug, Telnet has a better record and is likely to have less holes > found down the road because it is so much simpler (and FAR easier to setup > properly!) Ever read the telnet client's source? Nothing simple about that. Hell, there's an elementary buffer overflow in the code to grok user input. I haven't submitted a PR yet (bad ben), but while you mention it, if anyone has the telnet client set suid, please unset it. =) Telnet's history is long and fraught with holes, just like any software. The moral of the story is not to give up software because it has a hole, but to manage that software intelligently. For instance, if ssh has bugs to wrinkle out, use an ACL. An ssh daemon that can't be reach can't be exploited. -- Benjamin Krueger "Life is far too important a thing ever to talk seriously about." - Oscar Wilde (1854 - 1900) ---------------------------------------------------------------- Send mail w/ subject 'send public key' or query for (0x251A4B18) Fingerprint = A642 F299 C1C1 C828 F186 A851 CFF0 7711 251A 4B18 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message