On Sat, Dec 23, 2000 at 01:25:11PM +1300, David Preece wrote:
> At 15:37 22/12/00 -0800, you wrote:
>
> >The question asked is: why you believe ssh is beter
> >than say telnet. Or what advantages SSH has in general.
>
> Sorry, don't have time to reply to this properly.
>
> The main evil of ssh is that server authentication is not enforced, making
> mounting a man-in-the-middle attack basically trivial.
Incorrect..the problems with SSH come down to flaws in the human
operator who ignore the warnings SSH gives them, and tell it
explicitly to do insecure things like connect to a server which is
suddenly not the one you're used to connecting to.
These flaws can be all but eliminated by telling SSH to not even give
the poor weak confused human the choice of answering yes to the
question, by setting of a simple configuration option.
JMJr, a good place to start your talk on "The Evils of SSH" might be
the Pavlovian conditioning of humans to answer "Yes" to every question
a computer gives them..focus on the real problem here.
Kris
PGP signature
