
SSH - Sun Solaris


  1. #1

    Default SSH

    Hey all,
    Is that a good idea to disable telnet and use SSH instead for more security?
    thanks


    Rob Guest

  2. #2

    Default Re: SSH

    Rob wrote: 

    Yes, but be sure you have a very recent version of ssh. Some
    security bugs have been found in the last week or two, and
    you need the absolute latest release to get the fixes.

    - Logan

    Logan Guest

  3. #3

    Default Re: SSH

    In article <sTkfb.49755$austin.rr.com>,
    Logan Shaw <rr.com> wrote: 
    >
    >Yes, but be sure you have a very recent version of ssh. Some
    >security bugs have been found in the last week or two, and
    >you need the absolute latest release to get the fixes.

    A bad version of SSH is still better than plain telnet.

    --
    Barry Margolin, com
    Level(3), Woburn, MA
    *** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
    Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
    Barry Guest

  4. #4

    Default Re: SSH

    "Logan Shaw" <rr.com> wrote in message
    news:sTkfb.49755$austin.rr.com...
    security? 

    Do you know where I can get the latest version?
    And how can I disable telnet and enable ssh without rebooting my machine?
    Thanks a lot.
    Rob


    Rob Guest

  5. #5

    Default SSH

    Do you know where I can get the latest version of ssh?
    And how can I disable telnet and enable ssh without rebooting my machine?
    Thanks a lot.
    Rob


    Rob Guest

  6. #6

    Default Re: SSH

    Rob wrote:
    >
    > security?

    >
    >
    > Do you know where I can get the latest version?
    > And how can I disable telnet and enable ssh without rebooting my machine?
    > Thanks a lot.
    > Rob
    >
    >

    Several places will have OpenSSH. I'd remove the Solaris9 one if you
    are using it... replace with one from sunfreeware.com (for example...
    others will chime in with their "bigger/thicker" sites)... then
    shutdown telnet by commenting out the line(s) in your /etc/inetd.conf
    file and send a HUP signal to your inetd process. Run the init
    script the package creates for you in /etc/init.d to start
    sshd (if the package from your favorite software site didn't
    create an init script... you can use any number of init scripts
    as a template and create your own fairly easily).

    If you're running Solaris 8 and it doesn't have urandom support,
    you can look at an old post like:

    http://groups.google.com/groups?q=urandom+cox&hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=2F814955A6F05D89.90F9EA2C42430BE6.9F71A14AFEAC2F65%40lp.airnews.net&rnum=1

    for something that should do the trick (though there's a bug in
    the test routine part... but shouldn't matter, just answer no to
    the test section for now).





    Chris Guest

  7. #7

    Default Re: SSH

    Rob wrote:
     

    In a word, yes.

    --
    Erik Max Francis && com && http://www.alcyone.com/max/
    __ San Jose, CA, USA && 37 20 N 121 53 W && &tSftDotIotE
    / \ Can I walk with you / Through your life
    \__/ India Arie
    Erik Guest

  8. #8

    Default Re: SSH

    [Barry Margolin]: 

    I don't agree. A bad version of SSH is exploitable by the world.
    Plain telnet requires access to the network equipment involved.
    --
    Kjetil T. | read and make up your own mind
    | http://www.cactus48.com/truth.html
    Kjetil Guest

  9. #9

    Default Re: SSH

    * Barry Margolin <com> [2003-10-03 20:28 UTC]:
     
    > >
    > > Yes, but be sure you have a very recent version of ssh. Some
    > > security bugs have been found in the last week or two, and
    > > you need the absolute latest release to get the fixes.
    >
    > A bad version of SSH is still better than plain telnet.

    Nonsense.

    Holger

    --
    PGP fingerprint: F1F0 9071 8084 A426 DD59 9839 59D3 F3A1 B8B5 D3DE
    Holger Guest

  10. #10

    Default Re: SSH

    Holger Weiss <de> writes: 
    >>
    >> A bad version of SSH is still better than plain telnet.
    >
    >Nonsense.

    Really? Why?

    --
    "The road to Paradise is through Intercourse."
    The uk.transport FAQ; http://www.huge.org.uk/transport/FAQ.html
    [email me at huge [at] huge [dot] org [dot] uk]


    Huge Guest

  11. #11

    Default Re: SSH

    Huge <org.uk> wrote: 
    >>
    >>Nonsense.
    >
    > Really? Why?

    Presuming you define "bad" as a version of SSH which has bug(s) for which
    an exploit exists (and this isn't currently the case for at least the
    latest SSH vulnerability for SunSSH as far as I'm aware) then telnet is
    definitely better than a bad SSH.

    With a "bad" SSH, anyone, anywhere who can access your machine can get
    themselves root access.
    With telnet, anyone, anywhere who can access your machine can get a telnet
    prompt. Someone who has access to sniff packets on a network which you
    login from/through will be able to login, possibly as root (if you logged
    in as root whilst they were sniffing).

    i.e., the chances of someone actually being able to get into your box using
    telnet are quite low. The chances of someone being able to get in via an
    exploitable SSH are high.

    Of course, a non-exploitable SSH is far and away better than telnet!

    Scott.
    Scott Guest

  12. #12

    Default Re: SSH

    Scott Howard <net.au> writes: 
    >>
    >> Really? Why?
    >
    >Presuming you define "bad" as a version of SSH which has bug(s) for which
    >an exploit exists

    Precisely. So the answer to the question isn't "Nonsense", it's "It depends".


    --
    "The road to Paradise is through Intercourse."
    The uk.transport FAQ; http://www.huge.org.uk/transport/FAQ.html
    [email me at huge [at] huge [dot] org [dot] uk]


    Huge Guest

  13. #13

    Default Re: SSH

    Rob wrote: 

    www.openssh.org for latest ssh - currently 3.7.1p2. Probably not a bad
    idea to get an updated openssl from www.openssl.org as well - currently
    0.9.7c.

    Get ssh up and running [by configuring sshd.conf and then running the
    sshd daemon], then comment out telnet in /etc/inetd.conf [put a # at the
    start of its entry] and 'pkill -HUP inetd' to signal the change to
    inetd. That should work. Sounds like it would be a wise idea to read
    all the docs first, though, as you don't want to mess things up, really.

    A

    Ade Guest
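
Added example, not part of any post in this thread: the sequence described in posts #6 and #13 (confirm sshd is running, comment out the telnet entry in /etc/inetd.conf, then send inetd a HUP) written as a shell script. The function name `disable_inetd_service` and the `--apply` switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example. disable_inetd_service and --apply are illustrative names,
# not part of Solaris or OpenSSH.
# Note: Solaris /usr/bin/awk lacks -v; use nawk or /usr/xpg4/bin/awk there.

# Comment out every active inetd.conf entry whose first field is SERVICE.
# Leaves a backup at CONF.bak and prints the number of entries disabled.
disable_inetd_service() {
    conf=$1
    service=$2
    [ -f "$conf" ] || return 2

    # Count active entries only; lines already starting with '#' have a
    # different first field and are skipped.
    count=$(awk -v s="$service" '$1 == s { n++ } END { print n + 0 }' "$conf")
    if [ "$count" -eq 0 ]; then
        echo 0
        return 0
    fi

    cp -p "$conf" "$conf.bak" || return 1
    awk -v s="$service" '$1 == s { print "#" $0; next } { print }' \
        "$conf.bak" > "$conf.new" || return 1
    # cat into the original so its owner and mode are preserved.
    cat "$conf.new" > "$conf" && rm -f "$conf.new" || return 1
    echo "$count"
}

# Live run (as root): only remove telnet once sshd is actually up,
# so a mistake in the ssh setup does not lock out remote access.
if [ "${1:-}" = "--apply" ]; then
    if ! pgrep -x sshd >/dev/null; then
        echo "sshd is not running; leaving telnet enabled" >&2
        exit 1
    fi
    n=$(disable_inetd_service /etc/inetd.conf telnet) || exit 1
    if [ "$n" -gt 0 ]; then
        pkill -HUP inetd      # make inetd re-read its configuration
    fi
    echo "telnet entries disabled: $n"
fi
```

Without `--apply` the script only defines the function, so it can be tried against a copy of inetd.conf first.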

  14. #14

    Default Re: SSH

    Scott Howard <net.au> writes:
    [...] 
    [...]

    Are there any built-in S/Key and/or OPIE mechanisms in Solaris 9? A
    quick look on a Solaris 8 box doesn't reveal any.

    --
    David Magda <dmagda at ee.ryerson.ca>, http://www.magda.ca/
    Because the innovator has for enemies all those who have done well under
    the old conditions, and lukewarm defenders in those who may do well
    under the new. -- Niccolo Machiavelli, _The Prince_, Chapter VI
    David Guest

  15. #15

    Default Re: SSH

    Ade <ac.uk> writes:
     
    [...]

    I believe binaries of the latest version of both of these are
    available on blastwave.org as well.

    --
    David Magda <dmagda at ee.ryerson.ca>, http://www.magda.ca/
    Because the innovator has for enemies all those who have done well under
    the old conditions, and lukewarm defenders in those who may do well
    under the new. -- Niccolo Machiavelli, _The Prince_, Chapter VI
    David Guest

  16. #16

    Default Re: SSH

    "Scott Howard" <net.au> wrote in message
    news:..
     

    Now this is true nonsense. Obviously, you neglected the fact that, though
    still vulnerable, an SSH session is encrypted, while a telnet session is in
    plain text. It should be quite obvious, knowing these facts, to conclude
    that even a vulnerable SSH is superior to telnet.


    UNIX Guest

  17. #17

    Default Re: SSH


    "Rob" <com> wrote in message
    news:3f7de0a5$sentex.net...
     

    Although there is OpenSSH, I recommend you buy it directly from
    http://www.ssh.com. Go to the source.


    UNIX Guest

  18. #18

    Default Re: SSH

    On Sun, 05 Oct 2003 23:08:30 +0200, UNIX admin wrote:

     

    You got a bit mixed up there. The URL is for the commercial version of
    SSH. OpenSSH is at http://www.openssh.org.

    Dave Guest

  19. #19

    Default Re: SSH

    On Sun, 5 Oct 2003 23:03:51 +0200, "UNIX admin"
    <com> wrote:
     
    >
    >Now this is true nonsense. Obviously, you neglected the fact that, though
    >still vulnerable, an SSH session is encrypted, while a telnet session is in
    >plain text. It should be quite obvious, knowing these facts, to conclude
    >that even a vulnerable SSH is superior to telnet.
    >

    You have got to be joking!

    Let me see if I get this straight ....

    You would rather run a remotely-exploitable version of SSH than
    telnet? So, even though any script kiddie can trivially 'root' your
    servers, that's ok because your sessions are encrypted?

    At least with telnet, they would have to be on the same network
    segment to sniff your login and if you're using switches and not hubs,
    it's even harder. Hopefully you wouldn't be logging in directly as
    'root', so the best they could get is a non-privileged account.



    Regards,

    Tom Hall









    Tom Guest

  20. #20

    Default Re: SSH

    On Sun, 05 Oct 2003 16:22:10 -0500, Dave Uhring <com>
    wrote:
     
    >
    >You got a bit mixed up there. The URL is for the commercial version of
    >SSH. OpenSSH is at http://www.openssh.org.

    Re-read his post ...

    He was talking about buying the commercial version, he just didn't
    word it very well :)


    Regards,

    Tom Hall
    Tom Guest
