Re: Securing Linux

From: Les Mikesell (lesmikesell_at_comcast.net)
Date: 10/11/03


Date: Sat, 11 Oct 2003 17:44:51 GMT


"Nico Kadel-Garcia" <nkadel@comcast.net> wrote in message
news:TOidnVgI5oiNsRWiU-KYgg@comcast.com...

> This is much like putting your housekey under your doormat. As long as
> no one gets to lift your doormat, or tap those unencrypted telnet
> communications, it's not a big deal.

Historical note here: you could have had open telnet access to
just about any machine over the last 20 years and the only time
you would have been vulnerable to compromise is when someone
is actually typing their password, and then only to the extent of the
permissions that particular password grants. If you have ever had any
version of ssh installed older than the one released a month or so ago, your
machine was vulnerable to remote root compromise all the time
whether anyone ever logged in or not. So, just how good has that
advice to use ssh really been up till now? Which would you rather have
left running on some remote machine a year ago that you haven't logged
in from the internet since setting it up? Has the last bug been squashed in
sshd?

You also have to realize that if you permit access through unencrypted
pop, imap, ftp, or http with basic authentication, those passwords are
available on the wire anyway. Encryption is a good thing but you
can't automatically assume that you've improved security by swapping
telnet for ssh.

---
   Les Mikesell
     lesmikesell@comcast.net

