Reading this: ``HTTPS support : you can sniff http SSL secured data... and even if the connection is made through a PROXY''
from: http://ettercap.sourceforge.net/ would make me feel bad while using telnet over ssl. Correct me, If I'm wrong but telnet and http trough an ssl tunnel is the very same. So if it can sniff http, it can sniff telnets too... SSH is the way to go. Enforce Protocol version 2 because ettercap can sniff SSH1 too. SSH is better than telnets too because SSH implements not just password authentication but host auth too. Am Fre, 2002-09-20 um 20.41 schrieb Daniel Miessler: > > Can someone help me understand the difference between SSH and Telnet > over > > SSL? > > SSH is the 'secure shell', meaning that it was designed to do secure > remote terminal type activities. > > Telnet over SSL is two things: > > 1. Telnet. Telnet is the old and insecure way of doing remote access to > *nix systems. It sends all traffic in the clear and can be sniffed > easily. > > 2. SSL. SSL is the 'secure socket layer'. It allows otherwise insecure > traffic to become more secure by encrypting it using SSL. > > Basically, SSH is designed for doing what it does, whereas telnet over > SSL is a workaround to make telnet act more like SSH. > > --danielrm26 >
