On Fri, 3 Mar 2000, Umesh Mallugari wrote:
> I agree with you on basic testing i.e., for encryption.
> But, what about testing for 'breach' and things like
> that?
That would be Tripwire <www.tripwire.com>. This has nothing
to do with ssh. If your security has been breached then you
need to verify *all* software on the machine, not just ssh.
If you want to know when/if the ssh software is broken then
you should probably read this list, as well as BugTraq
<www.securityfocus.com/forums/bugtraq/faq.html#0.3.1>.
And if you're really serious, you could always read the source to ssh and verify that
it is unbroken.
Amanda.
