telnet vs ssh on Core equipment , looking for reasons why ?
Scott Francis
darkuncle at darkuncle.net
Tue Jul 31 22:26:49 UTC 2001
On Tue, Jul 31, 2001 at 11:48:55AM -0400, alex at yuriev.com exclaimed:
> *Yawn*
>
> warning: Executing /opt/bin/ssh1 for ssh1 compatibility.
> Host key not found from the list of known hosts.
> !! If host key is new or changed, ssh1 protocol is vulnerable to an
> !! attack known as false-split, which makes it relativily easy to
> !! hijack the connection without the attack being detected. It is
> !! highly advisable to turn StrictHostKeyChecking to "yes" and
> !! manually copy host keys to known_hosts.
> Are you sure you want to continue connecting (yes/no)?
>
>
> It does not matter what kind of security system you have if you dont bother
> to actually engage it.
Amen to that.
> Alex
--
Scott Francis darkuncle@ [home:] d a r k u n c l e . n e t
Systems/Network Manager sfrancis@ [work:] t o n o s . c o m
UNIX | IP networks | security | sysadmin | caffeine | BOFH | general geekery
GPG public key 0xCB33CCA7 illum oportet crescere me autem minui
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 872 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20010731/4efb45f0/attachment.sig>
More information about the NANOG
mailing list