Doesn't this belong on the old SSHv2 WG's mailing list?
On Sat, Jul 14, 2007 at 11:43:53AM -0700, Ed Gerck wrote:
SSH (OpenSSH) is routinely used in secure access for remote server
maintenance. However, as I see it, SSH has a number of security issues
that have not been addressed (as far I
On Sat, Jul 14, 2007 at 11:43:53AM -0700, Ed Gerck wrote:
SSH (OpenSSH) is routinely used in secure access for remote server
maintenance. However, as I see it, SSH has a number of security issues
that have not been addressed (as far I know), which create unnecessary
vulnerabilities.
Some
On 7/14/07, Ed Gerck [EMAIL PROTECTED] wrote:
1. firewall port-knocking to block scanning and attacks
I would love to see a mode like freenet's silent bob, where connectors
must prove probable knowledge of the host key before the node will
talk.
5. block sending host key fingerprint for
On Jul 14, 2007, at 2:43 PM, Ed Gerck wrote:
1. firewall port-knocking to block scanning and attacks
2. firewall logging and IP disabling for repeated attacks (prevent
DoS,
block dictionary attacks)
3. pre- and post-filtering to prevent SSH from advertising itself and
server OS
4. block empty
Ivan Krstić wrote:
On Jul 14, 2007, at 2:43 PM, Ed Gerck wrote:
1. firewall port-knocking to block scanning and attacks
2. firewall logging and IP disabling for repeated attacks (prevent DoS,
block dictionary attacks)
3. pre- and post-filtering to prevent SSH from advertising itself and
i'm an OpenBSD developer, so i have some knowlege but could be biased.
SSH (OpenSSH) is routinely used in secure access for remote server
maintenance. However, as I see it, SSH has a number of security issues
that have not been addressed (as far I know), which create unnecessary
Ed Gerck [EMAIL PROTECTED] writes:
Some issues could be minimized by turning off password authentication, which
is not practical in many cases.
That would probably make things much worse. A study of SSH attacks a few
years ago showed that nearly two thirds of all SSH private keys were stored on
List,
Thanks everyone for the feedback. There are now some
ideas how things could be improved using crypto. I
prepared a summary of the public and private responses,
and clarifications, at:
http://email-security.blogspot.com/2007_07_01_archive.html
Comments are welcome in here (if crypto) an
List,
SSH (OpenSSH) is routinely used in secure access for remote server
maintenance. However, as I see it, SSH has a number of security issues
that have not been addressed (as far I know), which create unnecessary
vulnerabilities.
Some issues could be minimized by turning off password
