If I understand it correctly, the only way this Wiley guy can break in is by
cracking the encryption, right ?
And he can't expect to do it in less than a couple of days,if not weeks or
months, with the curent key lengths and processing power.
But are there other holes opened up because the firewall has a port open for
ssh ?
I mean, while that port is not being used by ssh, can somebody use this port
to try and get access to a machine inside the firewall ?
dialling in is not really an option for me, as I use DSL at home.
Ankur
> -----Original Message-----
> From: Sudhakar Chandra [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, August 09, 2000 11:29 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [LIH] need ssh info
>
>
> Ankur Agrawal proclaimed:
> > my company's sysadmin is reluctant to give me ssh access to
> the LAN from
> > outside.
> > I read somewhere that ssh is safer compared to dial-in, for
> accessing
> > machines inside a firewall from the outside world.
> > Would anyone know of any specific site/article that talks about it ?
>
> Actually, IMO, the safest way to access machines behind the
> firewall is by
> dialling into a modem rack behind the firewall. That way, you have a
> dedicated connection between your machine and the machine you
> are dialling
> into. Someone would have to have physical access to the
> phone loop between
> you and the remote machine to break in.
>
> ssh is pretty safe. But the problem is when you ssh into a
> machine behind
> the firewall (or the actual firewall itself), the packets flow through
> various machines on the open internet. J. Wiley Cracker could,
> theoretically, sniff your packets passing through his machine
> and break
> in. It is possible, but IMO, rare at the moment.
>
> Thaths
> --
> Homer: Mel Gibson is just a guy Marge, no different than me or Lenny.
> Marge: Were you or Lenny ever named Sexiest Man Alive?
> Homer: Hmmm, I'm not certain about Lenny ...
> Sudhakar C13n http://www.aunet.org/thaths/ Lead Indentured Slave
>
> ----------------------------------------------
> An alpha version of a web based tool to manage
> your subscription with this mailing list is at
> http://lists.linux-india.org/cgi-bin/mj_wwwusr
>
----------------------------------------------
Find out more about this and other Linux India
mailing lists at http://lists.linux-india.org/
