From: Kris Kennaway
To: David Preece
Cc: opentrax@email.com, freebsd-hackers@FreeBSD.ORG
Date: Fri, 22 Dec 2000 23:28:07 -0800
Subject: Re: ssh - are you nuts?!?
Message-ID: <20001222232807.A8092@citusc.usc.edu>

On Sat, Dec 23, 2000 at 01:25:11PM +1300, David Preece wrote:
> At 15:37 22/12/00 -0800, you wrote:
>
> >The question asked is: why you believe ssh is better
> >than say telnet. Or what advantages SSH has in general.
>
> Sorry, don't have time to reply to this properly.
>
> The main evil of ssh is that server authentication is not enforced, making
> mounting a man-in-the-middle attack basically trivial.

Incorrect..the problems with SSH come down to flaws in the human
operators who ignore the warnings SSH gives them, and tell it
explicitly to do insecure things like connect to a server which is
suddenly not the one you're used to connecting to.

These flaws can be all but eliminated by telling SSH to not even give
the poor weak confused human the choice of answering yes to the
question, by setting a simple configuration option.

JMJr, a good place to start your talk on "The Evils of SSH" might be
the Pavlovian conditioning of humans to answer "Yes" to every question
a computer gives them..focus on the real problem here.

Kris
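
Added example, not part of the original message: the reply does not name the configuration option; this sketch assumes it is OpenSSH's client option StrictHostKeyChecking, which when set to "yes" refuses unknown or changed host keys without prompting. The script reports which hosts in a client config would still leave that decision to the user; the sample config and host names are constructed.

```python
import fnmatch

# Constructed sample ssh_config (not from the original message).
SAMPLE_CONFIG = """\
# constructed example
Host build-*.example.org
    StrictHostKeyChecking no

Host *.example.org
    StrictHostKeyChecking yes

Host legacy
    HostName legacy.example.net
"""

def _matches(host, patterns):
    """Host line semantics: a negated (!) match vetoes, else any positive match wins."""
    hit = False
    for p in patterns:
        if p.startswith("!"):
            if fnmatch.fnmatchcase(host, p[1:]):
                return False
        elif fnmatch.fnmatchcase(host, p):
            hit = True
    return hit

def effective_strict(config_text, host):
    """Value of StrictHostKeyChecking ssh would use for `host`.
    The first value obtained wins; OpenSSH's default is 'ask'.
    Simplification: Match blocks and Include files are not evaluated."""
    active = True  # options before the first Host line apply to all hosts
    for raw in config_text.splitlines():
        tokens = raw.strip().replace("=", " ", 1).split()
        if not tokens or tokens[0].startswith("#"):
            continue
        key, args = tokens[0].lower(), tokens[1:]
        if key == "host":
            active = _matches(host.lower(), [a.lower() for a in args])
        elif key == "match":
            active = False
        elif key == "stricthostkeychecking" and active and args:
            value = args[0].lower()
            return {"true": "yes", "false": "no", "off": "no"}.get(value, value)
    return "ask"

def audit(config_text, hosts):
    """Return {host: setting} for hosts whose effective setting is not 'yes'."""
    settings = {h: effective_strict(config_text, h) for h in hosts}
    return {h: v for h, v in settings.items() if v != "yes"}
```
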