I'd just like to add on thing here I know with ssh you can delay a bad login so you have longer to detect it (like 5 or 10 min delay).
Shawn wrote:
Webmin works over the HTTP protocol - which is easy enough to get information from. Even with SSL, only the packets between the host and client are encrypted - except for the initial handshake needed for SSL. (I get the feeling this might be a point I'm about to be corrected on?) With SSH, EVERYTHING is encrypted in all communications between the two boxes involved. The point can be argued either way, I guess.Webmin works over HTTPS - running it over HTTP, which is possible to set up is the equivalent of specifically allowing Telnet, rather than SSH, to as far as I'm concerned it is a downright silly argument.
If you can explain to me how there is more encryption via SSH than there is via SSL, I'm all ears.
Are you doing web based banking? Are you using SSH or are you using a browser with SSL?
To my knowlage webmin does not support this and I have seen many browsers that support dictanary attacks on forms and such.
Also you can view the bad logins with ssh in that one email from localhost every night (I cant remember what its called)
Also this to the best of my knowlage is not supported in webmin.
personaly I wouldn't recomend webmin instead of ssh because I'm more the command prompt kind of person.
I find if I dont know something in the command prompt I can google it (so far i have always found everything) or if nothing turns up ask clug.
Travis R.
_______________________________________________ clug-talk mailing list [email protected] http://clug.ca/mailman/listinfo/clug-talk_clug.ca Mailing List Guidelines (http://clug.ca/ml_guidelines.php) **Please remove these lines when replying
