On Sun, 22 Sep 2002, Iljitsch van Beijnum wrote:
>
> On Sun, 22 Sep 2002, Richard A Steenbergen wrote:
>
> > On Sun, Sep 22, 2002 at 01:11:07PM +0200, Iljitsch van Beijnum wrote:
> > > > There are also people ssh'ing to personal and corporate machines from
> > > > the terminal room where the root password is given out or easily
> > > > available.
> > >
> > > Are you saying people shouldn't SSH?
> >
> > I've seen far too many people get into trouble because they have some
> > flawed thinking that "ssh == always secure", even against compromises of
> > one of the endpoints. If root is available, a reasonable person should
> > ASSUME that some bored individual (like Bandy Rush) has taken 30 seconds
> > and recompiled the ssh binaries with a password logger.

When we hosted nanog 16 we made the effort to periodically compare the md5
sums of the binaries on the terminal room machines to a reference source.
I wouldn't personally place a great deal of trust in machines that aren't
in one's possession but we try.

> Excellent point. Fortunately, this doesn't apply to running SSH from your
> laptop over the wireless network.
>

--
--------------------------------------------------------------------------
Joel Jaeggli        Academic User Services        [EMAIL PROTECTED]
--    PGP Key Fingerprint: 1DE9 8FCA 51FB 4195 B42A 9C32 A30D 121E    --
In Dr. Johnson's famous dictionary patriotism is defined as the last
resort of the scoundrel. With all due respect to an enlightened but
inferior lexicographer I beg to submit that it is the first.
        -- Ambrose Bierce, "The Devil's Dictionary"
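
The periodic comparison of binary checksums against a reference source described in the message above, as an added example that is not part of the original thread or the tooling used at the meeting. The function names, the md5sum-style manifest layout and the file paths are assumptions; `algo` defaults to MD5 as in the message and accepts any `hashlib` name such as `sha256`.

```python
import hashlib
import os
import tempfile

def file_digest(path, algo="md5", chunk=65536):
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):  # chunked: no full read into memory
            h.update(block)
    return h.hexdigest()

def parse_manifest(text):
    """Parse md5sum-style lines: '<hex>  <path>' or '<hex> *<path>'."""
    ref = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        ref[name.lstrip(" *")] = digest.lower()
    return ref

def verify(manifest_text, root, algo="md5"):
    """Return {relative path: 'ok' | 'MODIFIED' | 'MISSING'} for every manifest entry."""
    results = {}
    for rel, expected in parse_manifest(manifest_text).items():
        path = os.path.join(root, rel)
        if not os.path.isfile(path):
            results[rel] = "MISSING"
        else:
            results[rel] = "ok" if file_digest(path, algo) == expected else "MODIFIED"
    return results

def demo():  # constructed sample: stand-in "binaries" in a temp dir, one replaced after the baseline
    names = ("usr/bin/ssh", "usr/bin/scp")
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "usr/bin"))
        for n in names:
            with open(os.path.join(root, n), "wb") as f:
                f.write(b"reference build of " + n.encode())
        manifest = "".join(f"{file_digest(os.path.join(root, n))}  {n}\n" for n in names)
        manifest += "d41d8cd98f00b204e9800998ecf8427e  usr/bin/sftp\n"  # listed, never installed
        with open(os.path.join(root, "usr/bin/ssh"), "wb") as f:
            f.write(b"rebuilt with extra code")  # simulates a swapped binary
        return verify(manifest, root)

if __name__ == "__main__":
    print(demo())
```

The result is only as trustworthy as the manifest and the checker: both need to come from the reference source rather than from the machine being checked, since whoever has root there can alter them as well.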