000073_news@columbia.edu _Mon Apr 23 00:33:22 2001.msg
Internet Message Format | 2001-09-20 | 3KB
Return-Path: <news@columbia.edu>
Received: from newsmaster.cc.columbia.edu (newsmaster.cc.columbia.edu [128.59.59.30])
	by uhaligani.cc.columbia.edu (8.9.3/8.9.3) with ESMTP id AAA01802
	for <kermit.misc@cpunix.cc.columbia.edu>; Mon, 23 Apr 2001 00:33:20 -0400 (EDT)
Received: (from news@localhost)
	by newsmaster.cc.columbia.edu (8.9.3/8.9.3) id XAA14977
	for kermit.misc@watsun.cc.columbia.edu; Sun, 22 Apr 2001 23:54:54 -0400 (EDT)
X-Authentication-Warning: newsmaster.cc.columbia.edu: news set sender to <news> using -f
From: r@your_host.com (cLIeNUX user)
Subject: Re: telnet file transfer
Date: Mon, 23 Apr 2001 03:54:39 -0000
Organization: Posted via Supernews, http://www.supernews.com
Message-ID: <te79rvtnqdpee6@corp.supernews.com>
To: kermit.misc@columbia.edu
humbubba@smart.net
>In article <te4f9bk4d3i4d8@corp.supernews.com>,
>cLIeNUX user <r@your_host.com> wrote:
>: ...
>: What do you recommend for secure shell connections?
>:
>At the moment we recommend SSL/TLS, SRP, or Kerberos 4 or 5, none of
>which have the vulnerabilities of SSH. Of course we provide clients for
>these security methods, and servers are listed here:
>
> http://www.columbia.edu/kermit/telnetd.html
>
>We also have our own server that supports these methods:
>
> http://www.columbia.edu/kermit/cuiksd.html
>
>Of course the problem with centrally managed security schemes is that they
>are difficult to set up. The high startup cost, however, pays off down
>the road when security violations actually occur. Since identities are
>kept centrally in a safe place, rather than on PC hard disks all over the
>Internet, security violations can be handled centrally too, by revoking
>identities or certificates. Distributed methods such as SSH are
>unmanageable by their very nature. If you have keys on your PC for 100
>hosts all over the net, and somebody steals your key file and decrypts it
>offline, they have access to all 100 hosts. Suppose this happens while
>you are away on vacation. The network security team at your site has no
>way of cleaning up this mess. After this kind of thing happens a few
>times, they might wish they had taken the trouble to institute a more
>manageable security scheme.
>
>- Frank

Thanks.

Is the distributed nature of SSH your only problem with it?

I'm absolutely clueless about this stuff, BTW. The only server I turn on
in cLIeNUX is in.identd since IRC nets/channels seem to want it these
days.

Rick Hohensee
www.clienux.com