Date:      Fri, 22 Dec 2000 19:42:20 -0500 (EST)
From:      Chris BeHanna <behanna@zbzoom.net>
To:        hackers@freebsd.org
Subject:   Re: ssh - are you nuts?!?
Message-ID:  <Pine.BSF.4.21.0012221936391.10813-100000@topperwein.dyndns.org>
In-Reply-To: <5.0.0.25.1.20001223132307.01b00b70@pop3.i4free.co.nz>

On Sat, 23 Dec 2000, David Preece wrote:

> At 15:37 22/12/00 -0800, you wrote:
> 
> >The question asked is: why you believe ssh is better than say
> >telnet. Or what advantages SSH has in general.
> 
> Sorry, don't have time to reply to this properly.
> 
> The main evil of ssh is that server authentication is not enforced,
> making mounting a man-in-the-middle attack basically trivial.

    Man-in-the-middle or not, the fact that your data aren't
transmitted in the clear automatically gives ssh a leg up over telnet,
rsh, rlogin, and ftp.  (At least one large company I know of has
stated flatly, for example, that sending a root password over the wire
in the clear is grounds for immediate termination.)  You can certainly
do your own server authentication, by carrying your known hosts file
around on a floppy.  ssh *does* warn you when you connect to a host
that isn't present in your known hosts file--this isn't happening
without your knowledge *and* consent.

    ssh may have its weaknesses, but telnet has little use other than
as a diagnostic tool, IMHO (I only use it to send protocol commands to
popd or sendmail these days).  I'd *hardly* characterize ssh as "evil".

-- 
Chris BeHanna
Software Engineer
behanna@bogus.zbzoom.net   Remove "bogus" before responding.
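
The known-hosts check the message refers to, as an added example that is not part of the original e-mail and not ssh's own code: it classifies a presented server key as matching, changed (the case that signals a possible man-in-the-middle), or unknown. The sample file content, host names and key strings are constructed placeholders; wildcard patterns and marker lines are not handled, and matching is done per key type as a simplification.

```python
import base64
import hashlib
import hmac

# Constructed placeholder key blobs and known_hosts content (not real keys).
KEY_A = "AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
KEY_B = "AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEYBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB"
SAMPLE = f"# constructed sample\nshell.example.org,192.0.2.10 ssh-ed25519 {KEY_A}\n"


def host_matches(pattern, host):
    """Match one entry of the host field, plain or hashed (|1|salt|hash)."""
    if pattern.startswith("|1|"):
        _, _, salt, digest = pattern.split("|")
        mac = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1)
        return hmac.compare_digest(mac.digest(), base64.b64decode(digest))
    return pattern == host


def check_host_key(known_hosts_text, host, key_type, key_b64):
    """Return 'match', 'changed' or 'unknown' for the key a server presented."""
    seen_host = False
    for line in known_hosts_text.splitlines():
        line = line.strip()
        # Blank lines, comments and marker lines (@revoked, @cert-authority)
        # are skipped; markers are outside the scope of this example.
        if not line or line.startswith(("#", "@")):
            continue
        fields = line.split()
        if len(fields) < 3:
            continue
        hosts, ktype, kdata = fields[0], fields[1], fields[2]
        if ktype != key_type:
            continue
        if not any(host_matches(p, host) for p in hosts.split(",")):
            continue
        if kdata == key_b64:
            return "match"
        seen_host = True  # host is recorded, but with a different key
    # 'changed' is the result that must stop the connection, not just warn.
    return "changed" if seen_host else "unknown"
```
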
