From owner-freebsd-questions  Thu Jan  1 12:37:15 1998
Return-Path: <owner-freebsd-questions>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id MAA06172
          for questions-outgoing; Thu, 1 Jan 1998 12:37:15 -0800 (PST)
          (envelope-from owner-freebsd-questions)
Received: from mhv.net (root@spice.mhv.net [199.0.0.21])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id MAA06167
          for <questions@FreeBSD.ORG>; Thu, 1 Jan 1998 12:37:12 -0800 (PST)
          (envelope-from mgraffam@mhv.net)
From: mgraffam@mhv.net
Received: from localhost (qripto@port108.mhv.net [206.229.41.36]) by mhv.net (8.8.5/8.7.3) with SMTP id PAA07278; Thu, 1 Jan 1998 15:37:03 -0500
Date: Thu, 1 Jan 1998 15:31:28 -0500 (EST)
X-Sender: qripto@localhost
To: Steve Hovey <shovey@buffnet.net>
cc: questions@FreeBSD.ORG
Subject: Re: HACKED (again)
In-Reply-To: <Pine.BSI.3.95.980101111731.24847F-100000@buffnet11.buffnet.net>
Message-ID: <Pine.LNX.3.96.980101152832.28029B-100000@localhost>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 1 Jan 1998, Steve Hovey wrote:
> I personally dont trust ssh - I have no other reason not to trust it than
> that I suffered a root incursion once shortly after installing it - since
> it was the last thing in, I did not reinstall it when I rebuilt the
> system.

I dont think this is necessarily a problem with ssh. Ssh's security can
be circumvented through the insecurity of other things that are running,
such as ftp.

While I havent looked over every line of ssh source, what I have seen
shows good technique against programming glitches that allow root access
through broken suid programs, and the crypto looks fine when compared
against other (trusted) implementations.


Michael J. Graffam (mgraffam@mhv.net)
http://www.mhv.net/~mgraffam -- Philosophy, Religion, Computers, Crypto, etc
"Enlightenment is man's emergence from his self-incurred immaturity.
Immaturity is the inability to use one's own understanding without the
guidance of another. . .Sapere aude! Have the courage to use your own
understanding!" - Immanuel Kant "What is Enlightenment?"

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
Charset: noconv

iQCVAwUBNKv9JQKEiLNUxnAfAQFhqgP9GAWbMZ+F1/dx634ia2suM3A++O59vDo3
n5tQZq6sCOR4Sa6tDdhxNnR60XVWXQ4MESHut/FuyI19ncq3AvBxrp489OU9C5Mx
rNTtbqFX2zHpxgUQo53RiGO00aPCsZSr54DySSRmv65XiT8WBbRT/Ty9p+80hjH7
9XDLgm0Dmhw=
=RcAE
-----END PGP SIGNATURE-----