telnet vs ssh on Core equipment, looking for reasons why?

Scott Francis darkuncle at darkuncle.net
Tue Jul 31 22:26:49 UTC 2001


On Tue, Jul 31, 2001 at 11:48:55AM -0400, alex at yuriev.com exclaimed:
> *Yawn*
> 
> warning: Executing /opt/bin/ssh1 for ssh1 compatibility.
> Host key not found from the list of known hosts.
> !! If host key is new or changed, ssh1 protocol is vulnerable to an
> !! attack known as false-split, which makes it relativily easy to
> !! hijack the connection without the attack being detected. It is
> !! highly advisable to turn StrictHostKeyChecking to "yes" and
> !! manually copy host keys to known_hosts.
> Are you sure you want to continue connecting (yes/no)?
> 
> 
> It does not matter what kind of security system you have if you don't bother
> to actually engage it.

Amen to that.

> Alex

-- 
Scott Francis                   darkuncle@ [home:] d a r k u n c l e . n e t
Systems/Network Manager          sfrancis@ [work:]         t o n o s . c o m
UNIX | IP networks | security | sysadmin | caffeine | BOFH | general geekery
GPG public key 0xCB33CCA7              illum oportet crescere me autem minui