SSH (version 2 at least), has proven to be basically impossible to sniff
or hijack. Of course everything is encrypted from the start (first
thing that happens is the client and server negotiate crypto), and this
helps, but due to all the authentication (server auths to you before you
auth to the server, good idea and prevents man in the middle attacks or
IP address theft).
Of course VPNs have similar schemes, but if all you need is a remote
shell (and remember, you can pipe things across SSH to do all sorts of
neat stuff), SSH is probably simpler and has loads of clients available.
Spoofing a MAC address is trivial on Linux (ifconfig eth0 hw <type mac
address>), but on windows the driver has to support it. Also, the
person spoofing has to know what MAC address to spoof to. Basically,
treat mac addresses like IP addresses; totally unreliable authentication
wise, but can be useful as an extra sanity check.
--MonMotha
R. Scott Belford wrote:
For remote access, is setting up a VPN inherently more secure than
establishing a SSH session? Is either connection easier to sniff?
Somewhat related, haven't I seen some discussion on the list about limiting
access based on the MAC address? Does this offer the complete peace of mind
that it sounds capable of, or can MAC addresses be spoofed?
scott
