Sam,

As others have mentioned, SSHv1 has some problems and unfortunately, Cisco
has implemented v1 in their products, not v2.

Above and beyond this however, ssh can be vulnerable to a "Man In The
Middle" attack (MITM).  This is because in the way most people use it, when
a client first connects to a server and gets asked if they want to accept the
server's key, they simply say yes and move on.  If you don't verify the key
independently, you can't be sure that you're really talking to the real
server.  Code has been written to specifically exploit this; you can find it
and more info on this topic here:

http://www.monkey.org/~dugsong/dsniff/

Bottom line, it's best if you first contact the server to get its public key
over a secured local network.  Barring this, you should verify the key is
correct after accepting the key the first time you connect.

HTH,
Kent

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Sam Deckert
Sent: Thursday, June 28, 2001 1:37 AM
To: [EMAIL PROTECTED]
Subject: SSH over Internet - secure? [7:10251]


G'day everyone,

Generally, do you feel that using SSH to administer a router over the
Internet is secure, assuming all other aspects of the router config are
secured?

Thanks for your input....

Sam.
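
The independent key check recommended in the reply above, as an added example that is not part of the original messages: it computes the SHA256 fingerprint of a presented host key and compares it with a fingerprint recorded over a trusted path. It assumes SSHv2 public-key lines in OpenSSH format; the function names and both sample keys are constructed for illustration.

```python
import base64
import hashlib
import struct


def wire_string(data: bytes) -> bytes:
    """SSH wire encoding: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def make_pubkey_line(raw_key: bytes, comment: str) -> str:
    """Build a constructed 'ssh-ed25519 <base64> <comment>' line for the demo."""
    blob = wire_string(b"ssh-ed25519") + wire_string(raw_key)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + comment


def fingerprint(pubkey_line: str) -> str:
    """SHA256 fingerprint as OpenSSH prints it: a hash of the decoded key blob."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)  # bad base64 raises ValueError
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != fields[0].encode():
        raise ValueError("key type does not match the encoded blob")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def host_key_matches(presented_line: str, trusted_fp: str) -> bool:
    """True only if the key offered on the wire hashes to the trusted value."""
    return fingerprint(presented_line) == trusted_fp.strip()


# Constructed sample data: the router's real key, and a different key such as
# an interposed host would present on first connect.
ROUTER_KEY = make_pubkey_line(bytes(range(32)), "router-console")
INTERPOSED_KEY = make_pubkey_line(bytes(range(1, 33)), "unknown")
# Stands in for the fingerprint read off the console or a secured local network.
TRUSTED_FP = fingerprint(ROUTER_KEY)

if __name__ == "__main__":
    print("trusted fingerprint:", TRUSTED_FP)
    print("real key accepted:  ", host_key_matches(ROUTER_KEY, TRUSTED_FP))
    print("other key accepted: ", host_key_matches(INTERPOSED_KEY, TRUSTED_FP))
```

The comment field is not part of the hashed blob, so only the key material decides the result.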
