Return-Path: <news@columbia.edu>
Received: from newsmaster.cc.columbia.edu (newsmaster.cc.columbia.edu [128.59.59.30])
by monire.cc.columbia.edu (8.9.3/8.9.3) with ESMTP id RAA07214
for <kermit.misc@cpunix.cc.columbia.edu>; Sun, 22 Apr 2001 17:33:18 -0400 (EDT)
Received: (from news@localhost)
by newsmaster.cc.columbia.edu (8.9.3/8.9.3) id RAA00173
for kermit.misc@watsun.cc.columbia.edu; Sun, 22 Apr 2001 17:07:46 -0400 (EDT)
X-Authentication-Warning: newsmaster.cc.columbia.edu: news set sender to <news> using -f
From: fdc@columbia.edu (Frank da Cruz)
Subject: Re: telnet file transfer
Date: 22 Apr 2001 21:07:46 GMT
Organization: Columbia University
Message-ID: <9bvh72$5a$1@newsmaster.cc.columbia.edu>
To: kermit.misc@columbia.edu

In article <te4f9bk4d3i4d8@corp.supernews.com>,
cLIeNUX user <r@your_host.com> wrote:
: ...
: What do you recommend for secure shell connections?
:
At the moment we recommend SSL/TLS, SRP, or Kerberos 4 or 5, none of
which have the vulnerabilities of SSH. Of course we provide clients for
these security methods, and servers are listed here:

  http://www.columbia.edu/kermit/telnetd.html

We also have our own server that supports these methods:

  http://www.columbia.edu/kermit/cuiksd.html

Of course the problem with centrally managed security schemes is that they
are difficult to set up. The high startup cost, however, pays off down
the road when security violations actually occur. Since identities are
kept centrally in a safe place, rather than on PC hard disks all over the
Internet, security violations can be handled centrally too, by revoking
identities or certificates. Distributed methods such as SSH are
unmanageable by their very nature. If you have keys on your PC for 100
hosts all over the net, and somebody steals your key file and decrypts it
offline, they have access to all 100 hosts. Suppose this happens while
you are away on vacation. The network security team at your site has no
way of cleaning up this mess. After this kind of thing happens a few
times, they might wish they had taken the trouble to institute a more
manageable security scheme.

- Frank