[40020] in North American Network Operators' Group
Re: telnet vs ssh on Core equipment , looking for reasons why ?
daemon@ATHENA.MIT.EDU (alex@yuriev.com)
Tue Jul 31 10:50:26 2001
Date: Tue, 31 Jul 2001 10:41:59 -0400 (EDT)
From: <alex@yuriev.com>
To: "Stephen J. Wilcox" <steve@opaltelecom.co.uk>
Cc: fingers <fingers@fingers.co.za>,
"Mr. James W. Laferriere" <babydr@baby-dragons.com>, nanog@merit.edu
In-Reply-To: <Pine.LNX.4.21.0107311514050.23776-100000@staff.opaltelecom.net>
Message-ID: <Pine.LNX.3.96.1010731103720.29579F-100000@cathy.uuworld.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu
> > > so thats my main logic, authentication... i cant understand the big
> > > paranoia on people sniffing tho!
> >
> > unfortunately ssh is just as sniffable if it's an arp spoof, but hopefully
> > it's not as easy for the naughty eavesdropper to get into the right
> > position for that....
Pardon for blowing your bubble but sniffing ssh keyexchange does not do you
any good. The symmetric key is exchanged via a channel aready secured. The
keys that is used to secure the channel used to exchange the symmetric key
are exchanged via DH-based protocol. If you want to spend your time
factoring primes for next 500 years to extract the key, you are more than
welcome to try. It is crypto-101.
Alex
