On Sun, December 11, 2005 0:26, David H. Lynch Jr. said:
> The moment you do not have physical security all the rest of this is
> If your server is physically secure you are not going to crack ssh -
No. An absolute falsehood, one that is getting people into trouble.
But I'm not going into this on a public mailing list. It's OT, and
I refuse to leave training material in Google for the next generation of
> absent installing an older version with a known vulnerability - and there
> are not that many of those out there, or having enormous computational
> resources, or enormous amounts of time.
> After that while I am sure you can horribly misconfigure a Linux system,
> or even build your own Linux system vulnerable to anything you want,
> however ordinary users can not load modules, or install keystroke loggers.
> I am not actually aware whether ssh is vulnerable to "man-in-the-middle"
> attacks, in fact one of its attributes is that it secures against them.
It's not, exactly. Again, see my above comment.
> ssh does NOT work like ssl. aside from the serious technical problems
> listed below, accomplishing an ssh man-in-the-middle attack would
> probably require that you already have ssh access to the target server.
> The purpose of a man-in-the-middle attack is not to compromise the
> target server, but to compromise the data being communicated over the
> channel. A successful man-in-the-middle attack typically requires
> a publicly accessible service - such as http, over which sensitive
> information is being communicated - as via ssl.
> But a man-in-the-middle attack is NOT nearly so easily accomplished as
> gaining access to the pipe and snooping. It requires poisoning the
> internet sufficiently to allow your server to impersonate the target
> server. That typically involves spoofing DNS and/or routing - not
> particularly trivial. Alternatively they can be accomplished if you have
> physical control (not just access) to a big pipe and can transparently
> interrupt it. Inside the capabilities of an ISP, but not an ordinary
> Finally, I am not aware of an open linux KERNEL vulnerability, and I do
> Linux kernel work for a living. There are numerous vulnerable
> applications and services you can run on Linux, or you can set up your
> security badly. One of the fundamental differences between Linux and
> Windows is that by default Linux is configured substantially more
> securely, you have to choose to weaken it. Windows is improving, but by
> default it still makes more poor security configuration choices.
> Any knowledgeable system administrator can significantly improve Windows
> security or significantly diminish that of Linux.
It's not a kernel vulnerability. It's a simple module that's installed,
once an application is used to gain root level access.
PS: I'm not responding to any more of this thread. It's OT, and pointless.
If you believe that SSH is the cure-all, so be it.