Firewalls: Re: SSH Questions

Firewalls
(April 1998)

Indexed By Thread: [Previous] [Next]

Subject:	Re: SSH Questions
From:	Doug Hughes <doug @ Eng . Auburn . EDU>
Date:	Sat, 4 Apr 1998 11:26:00 -0600 (CST)
To:	firewalls @ greatcircle . com
In-reply-to:	<9803038916 . AA891626021 @ yrelay . nsf . gov>

On Fri, 3 Apr 1998 dmcewen @
 nsf .
 gov wrote:

> SSH provides security via encryption, so it makes it much harder to 
> snoop your data including userid and password. However, if some one is 
> able to comprimise your userid/password, then you have made the 
> firewall a joke because it is so easy to tunnel other protocols via 
> ssh. I'd suggest that inbound ssh only be done with strong auth such 
> as SecurID. 
> 

It should be noted that you can disable this tunnelling feature
by using 'no-port-forwarding'. Also compromising the userid and
password is a lot harder than it sounds since it is encrypted. Somebody
would have to be looking over your shoulder. But, it's a good point.

____________________________________________________________________________
Doug Hughes					Engineering Network Services
System/Net Admin  				Auburn University
			doug @
 eng .
 auburn .
 edu

References:

Re: SSH Questions
From: dmcewen @ nsf . gov

Indexed By Date	Previous:	Re: Sniffer From: daemonman @ juno . com (Jack Riley)
Indexed By Date	Next:	[no subject] From: mediplan @ ssdnet . com . ar
Indexed By Thread	Previous:	Re: SSH Questions From: dmcewen @ nsf . gov
Indexed By Thread	Next:	RE: SSH Questions From: Michael Batchelor <Michael_Batchelor @ citysearch . com>