From owner-freebsd-security Tue Jul 29 15:30:35 1997
Return-Path:
Received: (from root@localhost)
        by hub.freebsd.org (8.8.5/8.8.5) id PAA17208
        for security-outgoing; Tue, 29 Jul 1997 15:30:35 -0700 (PDT)
Received: from verdi.nethelp.no (verdi.nethelp.no [195.1.171.130])
        by hub.freebsd.org (8.8.5/8.8.5) with SMTP id PAA17189
        for ; Tue, 29 Jul 1997 15:30:28 -0700 (PDT)
From: sthaug@nethelp.no
Received: (qmail 5885 invoked by uid 1001); 29 Jul 1997 22:30:24 +0000 (GMT)
To: vince@mail.MCESTATE.COM
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: securelevel (was: Re: security hole in FreeBSD)
In-Reply-To: Your message of "Tue, 29 Jul 1997 14:46:11 -0700 (PDT)"
References:
X-Mailer: Mew version 1.05+ on Emacs 19.28.2
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Date: Wed, 30 Jul 1997 00:30:24 +0200
Message-ID: <5883.870215424@verdi.nethelp.no>
Sender: owner-freebsd-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

[cc list trimmed]

> I was considering installing ssh but there is only one problem.
> I use Win95 from my own side at times for various reasons as well as
> the other remote admins. So a ssh client does cost money. We're
> volunteers and are not getting paid in any shape or form.

The ssh client for Windows is $99. Educational sites are eligible for a
50% discount. Or you could run the FreeBSD version - for free.

It sounds like you're saying that the extra hassle you and your fellow
system administrators (and your users) are having because of the break-in
is worth less than $99. Are you sure you have your priorities straight?

(For comparison - I run ssh for practically *all* remote logins, even on
the same LAN. ssh won't solve all your security problems, but it can be
an important *part* of better security.)

With respect to passwords, your goal should be that no password is sent
in the clear. Ever. This is difficult to reach, but you'll find it helps
you to focus on security quite a bit.

Steinar Haug, Nethelp consulting, sthaug@nethelp.no