[H-GEN] What can i use instead of SSHD?
Mark Suter
suter at zwitterion.humbug.org.au
Thu Jun 27 02:30:14 EDT 2002
[ Humbug *General* list - semi-serious discussions about Humbug and ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]
Folks,
On 2002-06-27, Dan Roe wrote:
> Today CERT tells me everything but OpenSSH 3.4 is remotly exploitable
> So i suggest you all update your ssh server
http://www.cert.org/advisories/CA-2002-18.html
http://www.debian.org/security/2002/dsa-134
> Seems to me like SSH is becoming more insecure than FTP/HTTP/Telnet
> Im wondering what else i could use instead of SSHD
Fundamentally, ssh is more useful and secure than plain telnet.
The vulnerability reported is serious, but not exploitable in
many cases. Good security practices, like Defence in Depth,
would have protect most people from this vulnerability.
Alternatives should be considered - one such alternative is
telnet-ssl.
http://packages.debian.org/stable/non-us/telnet-ssl.html
Yours sincerely,
-- Mark John Suter | I know that you believe you understand
suter at humbug.org.au | what you think I said, but I am not sure
gpg key id 2C71D63D | you realise that what you heard is not
mobile 0411 262 316 | what I meant. Robert J. McCloskey
--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'. See http://www.humbug.org.au/
More information about the General
mailing list