[Fwd: Re: Why is port 22 open by default?]
William Fletcher
ultraviolet at epweb.co.za
Sat May 10 04:39:19 PDT 2003
Hi,
OpenSSH has had issues with trivial things from what I've seen.
Although, the trojaning incident and OpenBSD's servers running solaris was
a good laugh.
Rather just firewall everything else on the network out of it.
Thats what I do, that way I can still scp and I just keep it up to date.
And if you aren't using IPSec already, you are asking for it ;)
Besides, when was the last bug in OpenSSH? :)
On Sat, May 10, 2003 at 07:29:31AM -0500, northern snowfall wrote:
> >
> >
> >Sounds like SSH is secure enough for me. Or is a 19 character password too
> >short? :-)
> >
> SSH is not secure. Forget paranoia, think about design
> and implementation. You're better off using IPsec and
> {OTP, Kerberos logins, S/Key, ... } for secure login
> infrastructure in a UNIX environment. SSH code,
> especially OpenSSH, has been proven exploitable too
> much for most serious security analysts to keep using
> it for security-intense networks. By exploitable, I
> don't just mean injection and execution of malicious
> code, but, weaknesses in the base crypto. At least
> IPsec obfuscates the underlying authentication
> protocol and isn't targetable as a program.
> Don (north_)
> http://deadchildren.org/
>
> >
>
>
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
--
William Fletcher
Epweb's clown.
http://www.vision.za.net/irc/ || IRC addict ultraviolet on irc.epweb.co.za
Uber FreeBSD! http://www.FreeBSD.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20030510/50070da3/attachment.bin
More information about the freebsd-questions
mailing list