Date: Mon, 29 Oct 2001 16:56:01 -0800
From: "Crist J. Clark" <cristjc@earthlink.net>
To: Kutulu <kutulu@kutulu.org>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Two sshd questions...
Message-ID: <20011029165601.D224@gohan.cjclark.org>
In-Reply-To: <003901c16000$ee0b0290$88682518@longhill1.md.home.com>; from kutulu@kutulu.org on Sun, Oct 28, 2001 at 05:36:01PM -0500
References: <003901c16000$ee0b0290$88682518@longhill1.md.home.com>

On Sun, Oct 28, 2001 at 05:36:01PM -0500, Kutulu wrote:
> Two (unrelated) questions regarding ssh, and OpenSSH in particular:
>
> 1. Is there a way to prevent the ssh client from overriding options in
> /etc/ssh/ssh_config?

Not without hacking the source code to prevent it. Even if you do, how
do you plan to prevent the user from downloading his own version of
SSH to his account without the customizations?

> 2. A more 'best practices' question: Which is the preferred version of ssh
> to be running?

IMHO (and this is probably the majority opinion), the latest version
of your favorite vendor's (like OpenSSH) SSH2 client is the way to
go. There are fundamental design issues in the SSH1 protocol which
make it inherently less secure than SSH2.

As for DSA versus RSA, there is an old saying, "If the cryptography is
the weakest part of your protocol, you have the world's most secure
protocol." From a practical standpoint, DSA and RSA keys are not
breakable. It's kind of like worrying about 128-bit versus 112-bit
symmetric keys. Nobody can crack 112 bits before the sun dies out, so
why worry.

--
Crist J. Clark
cjclark@alum.mit.edu

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message