Re: [e-smith-devinfo] SSH Security

Thu, 19 Jul 2001 06:42:15 -0700 

On this subject, does anyone know of a version of putty or similar that will
run on a Macintosh? Thanks for any info.
-- 
Richard Bruce
Clyde & Forth Press Ltd

email: [EMAIL PROTECTED]

> From: Dan York <[EMAIL PROTECTED]>
> Organization: e-smith, Inc.
> Date: Thu, 19 Jul 2001 07:23:44 -0400
> To: Richard Ford <[EMAIL PROTECTED]>
> Cc: dev info <[EMAIL PROTECTED]>
> Subject: Re: [e-smith-devinfo] SSH Security
> 
> Richard,
> 
>> Yes I have used the TTSSH for a couple of years now... but somehow I got it
>> in my head that SSH1 established connections with a plain text password
>> transmissions?
> 
> Nope, plaintext password transmission would be telnet.  SSH1 uses the
> RSA encryption algorithm for its authentication keys.  SSH2 introduced
> the use of the stronger DSA algorithm, and also provided a means that
> other encryption methods could be used.  I believe the folks at ssh.com
> also introduced some licensing changes with SSH2, which then provoked
> folks to start the OpenSSH project off of a version of the 1.x codebase.
> 
> A quick search at http://www.linuxdoc.org/ (the LDP) yielded this:
> 
> http://www.linuxdoc.org/LDP/LG/issue61/dellomodarme.html
> 
> A quick search at http://www.google.com/ on "ssh1 ssh2 difference" brought up
> a range of results, including (both of which have a chart of encryption
> algorithms):
> 
> http://www.talug.org/minutes/20000614/ssh/
> 
> http://doherty.ldgo.columbia.edu/NETWORK/ssh/ssh-faq-1.html  (good details)
> 
> So, no, it doesn't use plain text passwords at all.
> 
> Telnet, on the other hand, **does** transmit passwords in plaintext, which is
> why we repeatedly and STRONGLY encourage people NOT to use telnet and to use
> ssh instead.
> 
> Regards,
> Dan
> 
> 
> --
> Please report bugs to [EMAIL PROTECTED]
> Please mail [EMAIL PROTECTED] (only) to discuss security issues
> Support for registered customers and partners to [EMAIL PROTECTED]
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
> 
> 
> 


--
Please report bugs to [EMAIL PROTECTED]
Please mail [EMAIL PROTECTED] (only) to discuss security issues
Support for registered customers and partners to [EMAIL PROTECTED]
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org

Reply via email to