Re: Securing ssh tunnels.
From: Roy S. Rapoport <rsr(at)inorganic.org>
Date: Fri Jun 27 2003 - 18:55:52 EDT
On Fri, Jun 27, 2003 at 04:26:16PM -0400, Greg A. Woods wrote:

Amusingly, my first response to this was bounced by the moderator as being "too strong." Maybe this one will be bland enough...

There's no disagreement that somebody will find a way to get through most any method of security except for the one that involves turning off network and electricity, jailing people on-site and making sure they don't have phone access. The goal in any sort of security mechanism is to make the cost of penetration high enough that the benefit is not worth it. That's why my project web site is protected with straightforward cleartext passwords, but my machine requires SSH -- I don't care if you see my code all that much, but I do care if you get access to my systems.

So yes, people may be able to use covert channels to communicate even if you block SSH, but it's an added cost, and the barrier to entry is much higher. It doesn't mean your security measure is ineffective -- it's just not perfect and, well, no security measure is.

-roy

Received on Fri Jun 27 20:19:55 2003