Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: telnet vs ssh on Core equipment , looking for reasons why ?

  • From: Scott Francis
  • Date: Tue Jul 31 18:32:20 2001

On Tue, Jul 31, 2001 at 11:48:55AM -0400, alex@yuriev.com exclaimed:
> *Yawn*
> 
> warning: Executing /opt/bin/ssh1 for ssh1 compatibility.
> Host key not found from the list of known hosts.
> !! If host key is new or changed, ssh1 protocol is vulnerable to an
> !! attack known as false-split, which makes it relativily easy to
> !! hijack the connection without the attack being detected. It is
> !! highly advisable to turn StrictHostKeyChecking to "yes" and
> !! manually copy host keys to known_hosts.
> Are you sure you want to continue connecting (yes/no)?
> 
> 
> It does not matter what kind of security system you have if you dont bother
> to actually engage it.

Amen to that.

> Alex

-- 
Scott Francis                   darkuncle@ [home:] d a r k u n c l e . n e t
Systems/Network Manager          sfrancis@ [work:]         t o n o s . c o m
UNIX | IP networks | security | sysadmin | caffeine | BOFH | general geekery
GPG public key 0xCB33CCA7              illum oportet crescere me autem minui

Attachment: pgp00029.pgp
Description: PGP signature




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.