[linux-elitists] telnet weenie frenzy!

Rick Moen rick@linuxmafia.com
Tue Feb 27 10:23:34 PST 2001


begin  Bulent Murtezaoglu quotation:

> Given that, the "well known need" is not known at all.

But perhaps you forget that the sshd _explains_ this.  Every time,
succinctly, and in terms a half-way alert layman should be able to
understand.

It puts up the aforementioned warning:  It warns you when a host key
has never been seen before, and explains the possibility of an imposter
host.  And it also warns you about changed host keys, and what they
could mean if unexpected.

> Yes, I do.  But if you assume people will break into intermediate
> routers and sniff your packets, it does not seem that outlandish to
> suppose they can do other stuff also.

But, you see, that's a vague hand-wave at a more-complex issue.  You
perhaps have not considered in detail what measures are in place to
prevent, detect, and recover from compromises of the distribution
channels for security-sensitive software.  I have.

As with other security matters, it is a question of risk-assessment and
management.  But I think you would be surprised at the measures in
place.

> Note the qualification, I am not saying that it is trivial, I am
> saying that if one is easy then the other is not hard.  That's all.

I make no comment here on ease of entry to routers, other than that it
isn't particularly relevant to SSH usage.  But I will say that your
conclusion simply does not follow.

> Yes, but we are already assuming that it is not me who's the
> adversary, it is someone who can sniff the victim's packets at the IP
> level through the Internet.

I honestly can't see that this makes a difference, for the types of
compromise you spoke of.

> I agree you should go after those after coffee!)

I'm caffeinating myself, now.  (Ahh!)

-- 
Cheers,             We write precisely            We say exactly
Rick Moen           Since such is our habit in    How to do a thing or how
rick@linuxmafia.com Talking to machines;          Every detail works.
Excerpt from Prof. Touretzky's decss-haiku.txt @ http://www.cs.cmu.edu/~dst/
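
The host-key check described in the message above (a key never seen before versus a key that has changed), as an added example that is not part of the original post and is not OpenSSH's own code: a simplified Python sketch over the OpenSSH `known_hosts` text format, including hashed host entries. The function names, host names, salt and key blobs are constructed for illustration; wildcard patterns and `@cert-authority`/`@revoked` lines are not handled.

```python
import base64
import hashlib
import hmac


def host_matches(pattern: str, host: str) -> bool:
    """Match the host field of one known_hosts line against a host name."""
    if pattern.startswith("|1|"):
        # Hashed entry: |1|base64(salt)|base64(HMAC-SHA1(key=salt, msg=host))
        _, _, salt_b64, mac_b64 = pattern.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1)
        return hmac.compare_digest(mac.digest(), base64.b64decode(mac_b64))
    # Plain entry: comma-separated names/addresses (no wildcard support here).
    return host in pattern.split(",")


def check_host_key(known_hosts: str, host: str, key_type: str, key_b64: str) -> str:
    """Classify the key a server offers as 'known', 'unknown' or 'changed'."""
    seen_host = False
    for line in known_hosts.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@")):
            continue  # blank lines, comments, marker lines (skipped in this sketch)
        pattern, stored_type, stored_key = fields[:3]
        if stored_type != key_type or not host_matches(pattern, host):
            continue
        if stored_key == key_b64:
            return "known"      # same key as recorded earlier: connect quietly
        seen_host = True        # host is on record, but with a different key
    # 'changed' is the case that deserves the loud warning; 'unknown' is the
    # first-contact prompt where the user should verify the key out of band.
    return "changed" if seen_host else "unknown"


# Constructed sample data: the "keys" are placeholder bytes, not real SSH keys.
KEY_A = base64.b64encode(b"constructed-key-blob-A").decode()
KEY_B = base64.b64encode(b"constructed-key-blob-B").decode()
SALT = b"constructed-salt-20b"
HASHED_HOST = "|1|{}|{}".format(
    base64.b64encode(SALT).decode(),
    base64.b64encode(hmac.new(SALT, b"shell.example.org", hashlib.sha1).digest()).decode(),
)
KNOWN_HOSTS = f"""# constructed known_hosts content
mail.example.org,192.0.2.10 ssh-ed25519 {KEY_A}
{HASHED_HOST} ssh-ed25519 {KEY_A}
"""

if __name__ == "__main__":
    for h, k in [("mail.example.org", KEY_A), ("shell.example.org", KEY_B),
                 ("new.example.org", KEY_A)]:
        print(h, "->", check_host_key(KNOWN_HOSTS, h, "ssh-ed25519", k))
```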


