On Mon, May 15, 2000 at 12:44 -0500, Andy Glew wrote:
>
> Noel L Yap wrote:
>
> > [EMAIL PROTECTED] on 05/14/2000 09:50:23 PM
> > >CVS with its own dedicated socket/port
> > > run across SSH
> > >
> > > Transport secured, but the CVS socket/port
> > > is open to the world on the remote machine,
> > > and hence is insecure there, and on the
> > > remote machine's network.
> >
> > If the data stream is encrypted, why do you call this
> > insecure? How secure is secure?
>
> [ ... ]
>
> If the forwarded port is open to all of the network segment
> that the client machine is on, then you are only as secure as
> the least secure machine on that network.
Yes, *if* the forwarded port is open ... But this is normally
not the case. I recall myself wondering about the dialog box
popping up from TeraTerm Pro saying "remote host ... tried to use
us" (or something along these lines). Glimpsing over the ssh
manpage and reading third party literature too revealed that you
explicitely have to open you forwarded ports for use by other
machines than localhost. This means that any connection to this
port not originating from 127.0.0.1 will fail. And you have set
up a filter for your workstation not to allow such packets from
the outside interfaces since you're concerned about security.
Don't you? :)
virtually yours 82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76
Gerhard Sittig true | mail -s "get gpg key" [EMAIL PROTECTED]
--
If you don't understand or are scared by any of the above
ask your parents or an adult to help you.
