[Fwd: Re: Why is port 22 open by default?]
northern snowfall
dbailey27 at ameritech.net
Sat May 10 04:30:36 PDT 2003
>
>
>Sounds like SSH is secure enough for me. Or is a 19 character password too
>short? :-)
>
SSH is not secure. Forget paranoia, think about design
and implementation. You're better off using IPsec and
{OTP, Kerberos logins, S/Key, ... } for secure login
infrastructure in a UNIX environment. SSH code,
especially OpenSSH, has been proven exploitable too
much for most serious security analysts to keep using
it for security-intense networks. By exploitable, I
don't just mean injection and execution of malicious
code, but, weaknesses in the base crypto. At least
IPsec obfuscates the underlying authentication
protocol and isn't targetable as a program.
Don (north_)
http://deadchildren.org/
>
More information about the freebsd-questions
mailing list