[H-GEN] What can i use instead of SSHD?

Edwin Groothuis edwin at mavetju.org
Thu Jun 27 02:30:15 EDT 2002


[ Humbug *General* list - semi-serious discussions about Humbug and     ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]

On Thu, Jun 27, 2002 at 04:00:06PM +1000, Dan Roe wrote:
> Seems to me like SSH is becoming more insecure than FTP/HTTP/Telnet

You're mixing up protocol and implementation...

The data going over a standard http/telnet/ftp link is unencrypted,
which means everybody can see your data. Big deal? 99% of the time,
yes. It's the 1% of the time when you send sensitive information
(passwords come to mind, but also really sensitive information like
database transactions) over, that's what you need encryption for.

Authentication too. If I connect to a remote computer, how do I
know it's that computer? And if I was connected to one I was on
yesterday, how do I know that it's the same for today?

> Today CERT tells me everything but OpenSSH 3.4 is remotely exploitable
> So I suggest you all update your ssh server
> I'm wondering what else I could use instead of SSHD

A commercial SSH server? Or write your own if you don't trust them
nor the one from the OpenSSH team.

Best thing is to make your infrastructure encrypted. Pretty expensive.
Next best thing is to use IPSec tunnels from your work-machine to
the servers you're working on. Yes, it requires some administrative
work. Yes, it requires some massive administrative work. But in the
end all the traffic between your workstation and that host will be
encrypted. No need for SSH, just use telnet. Nobody can see what's
going over the network.

Like I've been telling somebody else today, I still have 100%
confidence in the SSH protocol. I even have 100% confidence in the
OpenSSH implementation. Just have to make sure I'm running the last
version:
[~] edwin at k7>pkg_version -vs ssh
openssh-portable-3.4p1              =   up-to-date with port

Close enough :-)

Edwin

-- 
Edwin Groothuis      |           Personal website: http://www.MavEtJu.org
edwin at mavetju.org    |        Interested in MUDs? Visit Fatal Dimensions:
bash$ :(){ :|:&};:   |                    http://www.FatalDimensions.org/

--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'.  See http://www.humbug.org.au/
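
An added example, not part of the message above or of the list's own material: the "make sure I'm running the last version" check, extended from one machine's package to a set of SSH identification strings collected from your own hosts. The 3.4 threshold is the one quoted in the thread; the hostnames and banners are constructed.

```python
import re

# Threshold taken from the thread: the advisory discussed there is said to
# affect everything before OpenSSH 3.4.
FIXED = (3, 4)

# SSH identification string: "SSH-<protoversion>-<softwareversion>[ <comments>]"
_IDENT = re.compile(r"^SSH-(?P<proto>[^-\s]+)-(?P<software>\S+)")
# OpenSSH software version, e.g. "OpenSSH_3.4p1" or "OpenSSH_2.9.9p2"
_OPENSSH = re.compile(r"^OpenSSH_(\d+)\.(\d+)(?:\.(\d+))?")


def classify(banner):
    """Return 'ok', 'outdated', 'not-openssh' or 'unparsable' for one banner."""
    ident = _IDENT.match(banner.strip())
    if not ident:
        return "unparsable"
    ver = _OPENSSH.match(ident.group("software"))
    if not ver:
        # Another implementation: the OpenSSH threshold says nothing about it.
        return "not-openssh"
    major, minor = int(ver.group(1)), int(ver.group(2))
    # Compare numerically, so 3.10 sorts after 3.4 (a string compare would not).
    return "ok" if (major, minor) >= FIXED else "outdated"


def audit(inventory):
    """Map host -> status for a dict of host -> banner."""
    return {host: classify(banner) for host, banner in inventory.items()}


# Constructed sample inventory (hostnames and banners invented for the example).
SAMPLE = {
    "k7.example": "SSH-1.99-OpenSSH_3.4p1",
    "db.example": "SSH-2.0-OpenSSH_3.1p1",
    "old.example": "SSH-1.99-OpenSSH_2.9.9p2",
    "new.example": "SSH-2.0-OpenSSH_3.10p1",
    "router.example": "SSH-2.0-OtherSSHD_1.0",
    "web.example": "HTTP/1.1 400 Bad Request",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host:16} {status}")
```

A banner is only what the server claims and vendor packages may carry backported fixes, so treat "outdated" as a prompt to check the installed package on that host.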


