From: Keith Clancy (Keith.Clancy at domain Berlitz.ie)
Date: Thu 10 May 2001 - 14:50:06 IST
Using SSH your password is Encrypted with a Randomly generated RSA key,
People can get your password using telnet with an app like dsniff. Get
Putty.. and get them to close the telnet port on all your boxes, it sux.
It's a Windows ssh client... carry it round on a disk with you.. it's easier
"Plenty of people miss their share of happiness. Not because they never
found it, but because they didn't stop to enjoy it."
From: ilug-admin at domain linux.ie [mailto:ilug-admin at domain linux.ie]On Behalf Of John
Sent: 10 May 2001 14:39
To: Irish Linux Users Group
Subject: [ILUG] Security (Telnet vulnerability & Password cracking)
I've been told that a security audit is under way in some form here in UL.
The issues that have cropped up include the vulnerability of telnet & use
of password crackers.
I already knew about the first.
So to my two questions:
1) Is there a way to make ssh easy to use in the following environment: I
move from classroom to classroom here & often run up telnet under Win* to
connect to my Linux box (e.g. to copy files across to a smb share). If I
switch to ssh, do I have to carry keys round on a floppy? I presume there
is a Win* client.
2) Is my Linux passwd file really vulnerable to a password cracker
(not a dictionary attack, but genuine decryption)? Presumably this doesn't
matter if I use ssh?...
Any advice would be appreciated.
John A. Kinsella Ph: +353-61-202148 (Direct)
+353-61-333644 x 2148 (Switch)
Mathematics Dept. e-mail: John.Kinsella at domain ul.ie
University of Limerick FAX: +353-61-334927
IRELAND Web: http://jkcray.maths.ul.ie
-- Irish Linux Users' Group: ilug at domain linux.ie http://www.linux.ie/mailman/listinfo/ilug for (un)subscription information. List maintainer: listmaster at domain linux.ie
This archive was generated by hypermail 2.1.6 : Thu 06 Feb 2003 - 13:10:16 GMT