List,
Thanks everyone for the feedback. There are now some
ideas how things could be improved using crypto. I
prepared a summary of the public and private responses,
and clarifications, at:
http://email-security.blogspot.com/2007_07_01_archive.html
Comments are welcome in here (if crypto) an i

Ed Gerck <[EMAIL PROTECTED]> writes:
>Some issues could be minimized by turning off password authentication, which
>is not practical in many cases.
That would probably make things much worse. A study of SSH attacks a few
years ago showed that nearly two thirds of all SSH private keys were stored

i'm an OpenBSD developer, so i have some knowledge but could be biased.
> SSH (OpenSSH) is routinely used in secure access for remote server
> maintenance. However, as I see it, SSH has a number of security issues
> that have not been addressed (as far as I know), which create unnecessary
> vu

Ivan Krstić wrote:
> On Jul 14, 2007, at 2:43 PM, Ed Gerck wrote:
>> 1. firewall port-knocking to block scanning and attacks
>> 2. firewall logging and IP disabling for repeated attacks (prevent DoS,
>> block dictionary attacks)
>> 3. pre- and post-filtering to prevent SSH from advertising itself a

On Jul 14, 2007, at 2:43 PM, Ed Gerck wrote:
1. firewall port-knocking to block scanning and attacks
2. firewall logging and IP disabling for repeated attacks (prevent DoS,
block dictionary attacks)
3. pre- and post-filtering to prevent SSH from advertising itself and
server OS
4. block empty

On 7/14/07, Ed Gerck <[EMAIL PROTECTED]> wrote:
1. firewall port-knocking to block scanning and attacks
I would love to see a mode like freenet's silent bob, where connectors
must prove probable knowledge of the host key before the node will
talk.
5. block sending host key fingerprint for inv

On Sat, Jul 14, 2007 at 11:43:53AM -0700, Ed Gerck wrote:
> SSH (OpenSSH) is routinely used in secure access for remote server
> maintenance. However, as I see it, SSH has a number of security issues
> that have not been addressed (as far as I know), which create unnecessary
> vulnerabilities.
>
> So

Doesn't this belong on the old SSHv2 WG's mailing list?
On Sat, Jul 14, 2007 at 11:43:53AM -0700, Ed Gerck wrote:
> SSH (OpenSSH) is routinely used in secure access for remote server
> maintenance. However, as I see it, SSH has a number of security issues
> that have not been addressed (as far I k

List,
SSH (OpenSSH) is routinely used in secure access for remote server
maintenance. However, as I see it, SSH has a number of security issues
that have not been addressed (as far as I know), which create unnecessary
vulnerabilities.
Some issues could be minimized by turning off password authentica