From: swear@blarg.net (Gary W. Swearingen)
To: Ben Eisenbraun
Cc: questions@FreeBSD.ORG
Subject: Re: Lockdown of FreeBSD machine directly on Net
Date: 05 Nov 2001 12:13:41 -0800
Message-ID: <2xd72x9dsa.72x@localhost.localdomain>
In-Reply-To: <20011105043613.A90073@klatsch.org>

Ben Eisenbraun writes:

> As a general rule, I try to trust as little as possible. How long will
> it be before some bright hacker discovers the next flaw in the ssh
> protocol implementation?

I was thinking that as soon as they break ssh, they won't just reduce
your security to that of an unencrypted network, but to one in which
they may easily sniff passwords, so that su-ers and sudo-ers need to
trust ssh as much as root-ers do. Just a hunch; I really don't know.
It probably depends on how ssh would be broken.

> In any case, thanks for the question, Gary. It's always good to be asked
> to examine my assumptions.

And thanks for the research and answer. I'm happy to see that I've met
all of your provisos (except I don't log).