From owner-freebsd-hackers Fri Dec 22 16:41:23 2000
From owner-freebsd-hackers@FreeBSD.ORG Fri Dec 22 16:41:21 2000
Return-Path:
Delivered-To: freebsd-hackers@freebsd.org
Received: from topperwein.dyndns.org (acs-24-154-28-99.zoominternet.net [24.154.28.99]) by hub.freebsd.org (Postfix) with ESMTP id B15C537B400 for ; Fri, 22 Dec 2000 16:41:20 -0800 (PST)
Received: from topperwein.dyndns.org (topperwein.dyndns.org [192.168.168.10]) by topperwein.dyndns.org (8.11.1/8.11.1) with ESMTP id eBN0gKP10906 for ; Fri, 22 Dec 2000 19:42:20 -0500 (EST) (envelope-from behanna@zbzoom.net)
Date: Fri, 22 Dec 2000 19:42:20 -0500 (EST)
From: Chris BeHanna
Sender: behanna@zbzoom.net
Reply-To: behanna@zbzoom.net
To: hackers@freebsd.org
Subject: Re: ssh - are you nuts?!?
In-Reply-To: <5.0.0.25.1.20001223132307.01b00b70@pop3.i4free.co.nz>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sat, 23 Dec 2000, David Preece wrote:

> At 15:37 22/12/00 -0800, you wrote:
>
> >The question asked is: why you believe ssh is better than say
> >telnet. Or what advantages SSH has in general.
>
> Sorry, don't have time to reply to this properly.
>
> The main evil of ssh is that server authentication is not enforced,
> making mounting a man-in-the-middle attack basically trivial.

Man-in-the-middle or not, the fact that your data aren't transmitted in the clear automatically gives ssh a leg up over telnet, rsh, rlogin, and ftp. (At least one large company I know of has stated flatly, for example, that sending a root password over the wire in the clear is grounds for immediate termination.)

You can certainly do your own server authentication, by carrying your known hosts file around on a floppy. ssh *does* warn you when you connect to a host that isn't present in your known hosts file--this isn't happening without your knowledge *and* consent.
ssh may have its weaknesses, but telnet has little use other than as a diagnostic tool, IMHO (I only use it to send protocol commands to popd or sendmail these days). I'd *hardly* characterize ssh as "evil".

--
Chris BeHanna
Software Engineer
behanna@bogus.zbzoom.net
Remove "bogus" before responding.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
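The host-key check discussed in the message above (the client comparing the server's key against the user's known hosts file, and warning when the host is not there) can be illustrated with a small added example. This is not code from the thread or from OpenSSH: it is a stand-alone parser for the plain, unhashed known_hosts line format, fed constructed entries whose "keys" are arbitrary bytes, and it classifies a presented server key the three ways a client must (identical, unknown, or changed). The host names, key bytes and the narrow format support (no hashed `|1|` entries, wildcards or `@cert-authority` markers) are assumptions of the example.

```python
import base64
import hashlib

# Constructed key material: arbitrary bytes standing in for real host keys.
# Real entries carry a base64-encoded SSH public key; the comparison logic is
# the same either way.
KEY_A = b"constructed-host-key-A"
KEY_B = b"constructed-host-key-B"

# Constructed known_hosts text in OpenSSH's plain (unhashed) line format:
#   host[,host...] keytype base64-key [comment]
# A non-default port is written as [host]:port.
SAMPLE_KNOWN_HOSTS = "\n".join([
    "# a comment line; blank lines are ignored too",
    "",
    "topperwein.example,192.0.2.10 ssh-ed25519 "
    + base64.b64encode(KEY_A).decode() + " laptop copy",
    "[bastion.example]:2222 ssh-rsa " + base64.b64encode(KEY_B).decode(),
])


def parse_known_hosts(text):
    """Return a list of (hosts, keytype, keyblob) tuples from known_hosts text.

    Only plain host names and [host]:port entries are handled; hashed (|1|...)
    entries, wildcards and markers such as @cert-authority are out of scope
    (an assumption made to keep the example short).
    """
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 3)  # hosts, keytype, key, optional comment
        if len(fields) < 3:
            continue  # malformed line: skip rather than guess
        hosts = set(fields[0].split(","))
        keytype = fields[1]
        keyblob = base64.b64decode(fields[2])
        entries.append((hosts, keytype, keyblob))
    return entries


def fingerprint(keyblob):
    """SHA256 fingerprint in the form ssh-keygen -l prints: base64, no padding."""
    digest = hashlib.sha256(keyblob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def host_label(host, port=22):
    """known_hosts spells non-default ports as [host]:port."""
    return host if port == 22 else "[%s]:%d" % (host, port)


def check_host_key(entries, host, keytype, presented_key, port=22):
    """Classify a presented server key the way an ssh client must.

    Returns one of:
      "match"    - host is known and the key is identical: proceed silently
      "unknown"  - no entry for this host and key type: the user must confirm
      "mismatch" - host is known but the key differs: possible MITM, refuse
    """
    label = host_label(host, port)
    for hosts, ktype, keyblob in entries:
        if label in hosts and ktype == keytype:
            return "match" if keyblob == presented_key else "mismatch"
    return "unknown"


if __name__ == "__main__":
    known = parse_known_hosts(SAMPLE_KNOWN_HOSTS)
    # Constructed connection attempts: (host, port, keytype, key the server sent)
    attempts = [
        ("topperwein.example", 22, "ssh-ed25519", KEY_A),   # match
        ("topperwein.example", 22, "ssh-ed25519", KEY_B),   # mismatch
        ("bastion.example", 2222, "ssh-rsa", KEY_B),        # match
        ("newbox.example", 22, "ssh-ed25519", KEY_A),       # unknown
    ]
    for host, port, ktype, key in attempts:
        verdict = check_host_key(known, host, ktype, key, port)
        print(host_label(host, port), fingerprint(key), verdict)
```

The "unknown" verdict is the case the message refers to: the client warns and asks for consent. With a known_hosts file carried from a trusted machine, setting `StrictHostKeyChecking yes` in ssh_config makes the client refuse that case as well, so only entries the user has already vetted are accepted.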