[ On Friday, February 12, 1999 at 11:42:03 (-0600), Dave Dykstra wrote: ]
> Subject: Re: transfering files back along an existing connection
>
> I understand Greg's and Steve's points and agree with them, but when I am
> forced to use ssh on an unsecured client I still feel more comfortable using
> off-board hardware authentication because it at least limits the kinds of
> attacks that can be done and it limits vulnerability to attacks that
> occurred before or during its use and leaves nothing like a private key
> around to be exploited later. Not much, but better than nothing.

I know several people who carry around FreeBSD or Linux boot floppies
with SSH on them, and this would be my preferred solution too if I were
stuck with such a situation. The trick here is preparing for this
scenario.

I trust the average office and datacentre hardware a lot more than I
trust any foreign software.

Last time I was at a conference terminal room I was able to poke around
on the machines enough to be reasonably sure they hadn't been hacked,
and that the ssh installation was pristine, and indeed the person who
had configured the machines was willing to give strong assurances too.

The time before that I was volunteering in the conference room and I
personally audited the machines and installed SSH, more for my own use
than for anyone else, as at that time not so many users at that
particular conference were already using SSH.

It's really too bad sshd doesn't have an option to reject unknown hosts
-- i.e. force users to obtain a valid public key for a host before they
are allowed to log in from it and optionally to ignore ~/.ssh/known_hosts
completely. Somewhere I've a wish-list of such features for SSH, but
I'd been putting off doing anything about it waiting to see which
implementation of ssh2 would be the primary one I use.... For now I
just use a pretty vanilla ssh1.

--
Greg A. Woods
+1 416 218-0098 VE3TCP <[EMAIL PROTECTED]> <robohack!woods>
Planix, Inc. <[EMAIL PROTECTED]>; Secrets of the Weird <[EMAIL PROTECTED]>