Re: SSH over Internet - secure? [7:10251]
Its proly the most secure way to allow access remotely, aside from maybe dialback. Brian "Sonic" Whalen Success = Preparation + Opportunity On Thu, 28 Jun 2001, Sam Deckert wrote: > Gday everyone, > > Generally, do you feel that using SSH to administer a router over the > Internet is secure, assuming all other aspects of the router config are > secured? > > Thanks for your input > > Sam. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=10368&t=10251 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: SSH over Internet - secure? [7:10251]
Sam, As others have mentioned, SSHv1 has some problems and unfortunately, Cisco has implemented v1 in their products, not v2. Above and beyond this however, ssh can be vulnerable to a "Man In The Middle" attack (MITM). This is because in the way most people use it, when a client first connects to a server and get asked if they want to accept the servers key, they simply say yes and move on. If you don't verify the key independently, you can't be sure that your really talking to the real server. Code has been written to specifically exploit this, you can find it and more info on this topic here: http://www.monkey.org/~dugsong/dsniff/ Bottom line, it's best if you first contact the server to get its public key over a secured local network. Barring this, you should verify the key is correct after accepting the key the first time you connect. HTH, Kent -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Sam Deckert Sent: Thursday, June 28, 2001 1:37 AM To: [EMAIL PROTECTED] Subject: SSH over Internet - secure? [7:10251] Gday everyone, Generally, do you feel that using SSH to administer a router over the Internet is secure, assuming all other aspects of the router config are secured? Thanks for your input Sam. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=10311&t=10251 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: SSH over Internet - secure? [7:10251]
Let me also add that Secure Shell version 2 is very secure. Furthermore, use OpenSSh because it is free and I believe the latest version is 2.5.x or something. One other thing, if you change the keylength from 768 (which is th default) to 1024 with SSH version 2, it will make box rock-solid. >From: "Murphy, Brian J SSI-ISET-31" >Reply-To: "Murphy, Brian J SSI-ISET-31" >To: [EMAIL PROTECTED] >Subject: RE: SSH over Internet - secure? [7:10251] >Date: Thu, 28 Jun 2001 05:14:11 -0400 > >Sam, >It should be, but SSH 1.5 is not completly secure, I would recommend a SSH 2 >host on site then SSH over to router. >When talking about using SSH on the router please take into account the >recent Cisco Security Notice >http://www.cisco.com/warp/public/707/SSH-multiple-pub.html > >-Original Message- >From: Sam Deckert [mailto:[EMAIL PROTECTED]] >Sent: Thursday, June 28, 2001 10:37 AM >To: [EMAIL PROTECTED] >Subject: SSH over Internet - secure? [7:10251] > > >Gday everyone, > >Generally, do you feel that using SSH to administer a router over the >Internet is secure, assuming all other aspects of the router config are >secured? > >Thanks for your input > >Sam. > > > > >Message Posted at: >http://www.groupstudy.com/form/read.php?f=7&i=10253&t=10251 >-- >FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Get your FREE download of MSN Explorer at http://explorer.msn.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=10271&t=10251 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: SSH over Internet - secure? [7:10251]
Sam, It should be, but SSH 1.5 is not completly secure, I would recommend a SSH 2 host on site then SSH over to router. When talking about using SSH on the router please take into account the recent Cisco Security Notice http://www.cisco.com/warp/public/707/SSH-multiple-pub.html -Original Message- From: Sam Deckert [mailto:[EMAIL PROTECTED]] Sent: Thursday, June 28, 2001 10:37 AM To: [EMAIL PROTECTED] Subject: SSH over Internet - secure? [7:10251] Gday everyone, Generally, do you feel that using SSH to administer a router over the Internet is secure, assuming all other aspects of the router config are secured? Thanks for your input Sam. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=10253&t=10251 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
SSH over Internet - secure? [7:10251]
Gday everyone, Generally, do you feel that using SSH to administer a router over the Internet is secure, assuming all other aspects of the router config are secured? Thanks for your input Sam. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=10251&t=10251 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]