From: opentrax@email.com
Reply-To: opentrax@email.com
Date: Sat, 23 Dec 2000 02:05:46 -0800 (PST)
Subject: Re: ssh - are you nuts?!?
To: behanna@zbzoom.net
Cc: hackers@FreeBSD.ORG
Message-Id: <200012231005.CAA21445@spammie.svbug.com>

On 22 Dec, Chris BeHanna wrote:
> On Sat, 23 Dec 2000, David Preece wrote:
>
>> At 15:37 22/12/00 -0800, you wrote:
>>
>> >The question asked is: why you believe ssh is better than say
>> >telnet. Or what advantages SSH has in general.
>>
>> Sorry, don't have time to reply to this properly.
>>
>> The main evil of ssh is that server authentication is not enforced,
>> making mounting a man-in-the-middle attack basically trivial.
>
> Man-in-the-middle or not, the fact that your data aren't
> transmitted in the clear automatically gives ssh a leg up over telnet,
> rsh, rlogin, and ftp. (At least one large company I know of has
> stated flatly, for example, that sending a root password over the wire
> in the clear is grounds for immediate termination.)
>

Is it possible to get the name of that company?

> You can certainly
> do your own server authentication, by carrying your known hosts file
> around on a floppy. ssh *does* warn you when you connect to a host
> that isn't present in your known hosts file--this isn't happening
> without your knowledge *and* consent.
>

Some people have stated that the "first contact" scenario is difficult to overcome. How do you feel about that?

> ssh may have its weaknesses, but telnet has little use other than
> as a diagnostic tool, IMHO (I only use it to send protocol commands to
> popd or sendmail these days). I'd *hardly* characterize ssh as "evil".
>

I don't believe I've ever said SSH is evil. It seems to be a common interpretation of the statement I made. I see that I'll have to make note of that in my talk.

Are there any other points you feel might be either a "plus" or "minus" in behalf of ssh?

Jessem.
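The host-key check the thread is arguing about (compare the key the server presents against a pinned known_hosts entry, warn on first contact, refuse on a mismatch), as an added example that is not part of the original post or of ssh itself. It parses plain OpenSSH known_hosts lines and computes OpenSSH-style SHA256 fingerprints; the host names and key blobs are constructed placeholders, not real keys.

```python
import base64
import hashlib

# Constructed sample data: the key blobs are placeholders, not real SSH public keys.
GOOD_KEY = base64.b64encode(b"constructed host key for shell.example.org").decode()
ROGUE_KEY = base64.b64encode(b"constructed key presented by an impostor").decode()

# A known_hosts file in the plain OpenSSH format "host[,host...] keytype base64-blob".
KNOWN_HOSTS = (
    "# pinned host keys, carried around on the floppy\n"
    f"shell.example.org,10.0.0.5 ssh-rsa {GOOD_KEY}\n"
)

def fingerprint(key_b64: str) -> str:
    """OpenSSH-style fingerprint: SHA256 over the raw key blob, base64 without padding."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_known_hosts(text: str) -> dict:
    """Map (host, keytype) -> pinned fingerprint. Only plain lines are handled;
    '@'-marker lines (cert-authority, revoked) and hashed hostnames are skipped."""
    pinned = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#@|":
            continue
        fields = line.split()
        if len(fields) < 3:
            continue  # malformed entry: never trust a line we cannot parse
        for host in fields[0].split(","):
            pinned[(host, fields[1])] = fingerprint(fields[2])
    return pinned

def check_host_key(pinned: dict, host: str, keytype: str, presented_b64: str) -> str:
    """What the client should do with the key the server presented:
    'match'    - same key as pinned, proceed;
    'unknown'  - first contact, warn and require explicit consent before trusting;
    'mismatch' - key differs from the pinned one: possible man-in-the-middle, refuse."""
    expected = pinned.get((host, keytype))
    if expected is None:
        return "unknown"
    return "match" if expected == fingerprint(presented_b64) else "mismatch"

if __name__ == "__main__":
    table = parse_known_hosts(KNOWN_HOSTS)
    for h, k in [("shell.example.org", GOOD_KEY), ("10.0.0.5", ROGUE_KEY),
                 ("new.example.org", GOOD_KEY)]:
        print(h, check_host_key(table, h, "ssh-rsa", k))
```

The "unknown" branch is the first-contact case raised in the reply: nothing in the file can vouch for the key, so the decision falls back to the user (or to a fingerprint obtained out of band).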