Re: Anyone used Solaris Secure Shell, Sun's productized ssh for Solaris9?

From: Richard E. Silverman (slade@shore.net)
Date: 02/08/02 

From: slade@shore.net (Richard E. Silverman)
Date: 07 Feb 2002 22:28:56 -0500

>>>>> "LS" == Logan Shaw <logan@cs.utexas.edu> writes:

    LS> I guess we're operating under different assumptions. I'm
    LS> operating under the assumption that it's going to be necessary to
    LS> remotely login from one machine to another in a fashion that
    LS> doesn't require user intervention... Given that assumption, I
    LS> don't see why ssh provides all that much security benefit over rsh
    LS> _if_ your network is physically secure.

Again, I don't see what "physically secure" has to do with it. Your
network hardware can all be locked in a big steel box, but if it has an
Internet connection, then the possibility of penetration is real and
should be addressed.

    LS> Yes, you can snoop passwords, but the whole point of setting up
    LS> rsh in the first place is to not need passwords.

If the putative attacker is in a position to snoop passwords, he likely
can also spoof DNS and/or hijack IP addresses, and can thus trivially use
the rsh protocol mimic connections he sees and log in anywhere he pleases.

Contrast this with observing a bunch of SSH connections going by, which
would not reveal anything he needs to break into their target accounts.

    LS> I suppose SSH does provide better protection against session
    LS> hijacking that rsh does,

Let's be a bit more accurate: it provides very strong hijacking
protection, whereas rsh provides *none*.

    LS> but if you're using a switched network, that's not much of a
    LS> benefit.

This is entirely incorrect. Switching provides no real protection against
TCP hijacking, as ARP spoofing is effective against many OS's and there
are convenient tools available for doing it, see e.g. ettercap. 

-- 
  Richard Silverman
  slade@shore.net

Relevant Pages