Date: Wed, 20 Dec 2000 19:32:44 -0800 (PST)
From: Roger Marquis <marquis@roble.com>
To: security@FreeBSD.ORG
Subject: Re: dsniff 2.3 info:
Message-ID: <Pine.BSF.4.21.0012201911130.62145-100000@roble.com>
In-Reply-To: <bulk.5724.20001219042134@hub.freebsd.org>

Mikhail Kruk <meshko@cs.brandeis.edu> wrote:

> In my experience due to bad administrators who screw up ssh installations
> those keys change after every OS upgrade and users get used to answering
> "yes" to this question.

Bad administrators? You must be joking. You only need to look at a couple of the ssh ports to see where the problem is (in FreeBSD at least).

For example, if I install ssh from ports it won't upgrade the pre-installed system ssh but will instead add a second copy in different directories. Now we have 2 (or more) different revisions on the same system and a user will get either one or the other depending on their $PATH.

Second, while Kris Kennaway was good enough to upgrade ssh1 to check /etc/inetd.conf before installing a startup script, none of the other ssh ports do this basic check.

Third, the sshd_config and ssh_config defaults are less than optimal.

Fourth, the error message triggered by a key change is too terse to be very helpful to your average end-user.

IMHO, this has little or nothing to do with administrators or end-users.

-- 
Roger Marquis
Roble Systems Consulting
http://www.roble.com/
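
An added example, not part of the original message: a small audit for the first two problems the message lists, reporting every ssh executable reachable through a given path list and whether an inetd configuration already has an active ssh entry. The directory layout and the inetd line are constructed sample input, and the function names are hypothetical.

```shell
#!/bin/sh
# Print every executable named $1 found in the colon-separated path list $2,
# in lookup order. More than one line of output means users can end up with
# different revisions depending on their $PATH.
find_copies() {
    (
        IFS=:
        set -f                      # no glob expansion while splitting the list
        for dir in $2; do
            [ -n "$dir" ] || dir=.  # an empty PATH element means the current directory
            if [ -f "$dir/$1" ] && [ -x "$dir/$1" ]; then
                printf '%s\n' "$dir/$1"
            fi
        done
    )
}

# Succeed if inetd configuration file $1 has an active (uncommented) entry
# for service $2. An installer would check this before adding a startup script.
inetd_has_service() {
    [ -r "$1" ] || return 1
    awk -v svc="$2" '$1 == svc { found = 1 } END { exit !found }' "$1"
}

# Demonstration on a constructed tree: a "system" copy and a "ports" copy of
# ssh, plus an inetd.conf whose ssh entry is commented out.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/usr/bin" "$root/usr/local/bin"
    for d in usr/bin usr/local/bin; do
        printf '#!/bin/sh\n' > "$root/$d/ssh"
        chmod +x "$root/$d/ssh"
    done
    printf '#ssh stream tcp nowait root /usr/sbin/sshd sshd -i\n' > "$root/inetd.conf"

    echo "ssh executables in lookup order:"
    find_copies ssh "$root/usr/local/bin:$root/usr/bin"
    if inetd_has_service "$root/inetd.conf" ssh; then
        echo "ssh is already started from inetd"
    else
        echo "no active inetd entry for ssh"
    fi
    rm -rf "$root"
}
demo
```

To audit a live system, call `find_copies ssh "$PATH"` and `inetd_has_service /etc/inetd.conf ssh`.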