[40061] in North American Network Operators' Group
Re: telnet vs ssh on Core equipment , looking for reasons why ?
daemon@ATHENA.MIT.EDU (Scott Francis)
Tue Jul 31 18:30:16 2001
Date: Tue, 31 Jul 2001 15:26:49 -0700
From: Scott Francis <darkuncle@darkuncle.net>
To: alex@yuriev.com
Cc: nanog@merit.edu
Message-ID: <20010731152648.G25774@darkuncle.net>
Mail-Followup-To: Scott Francis <darkuncle@darkuncle.net>,
alex@yuriev.com, nanog@merit.edu
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
protocol="application/pgp-signature"; boundary="RMedoP2+Pr6Rq0N2"
Content-Disposition: inline
In-Reply-To: <Pine.LNX.3.96.1010731114821.29579Y-100000@cathy.uuworld.com>; from alex@yuriev.com on Tue, Jul 31, 2001 at 11:48:55AM -0400
Errors-To: owner-nanog-outgoing@merit.edu
--RMedoP2+Pr6Rq0N2
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Tue, Jul 31, 2001 at 11:48:55AM -0400, alex@yuriev.com exclaimed:
> *Yawn*
>=20
> warning: Executing /opt/bin/ssh1 for ssh1 compatibility.
> Host key not found from the list of known hosts.
> !! If host key is new or changed, ssh1 protocol is vulnerable to an
> !! attack known as false-split, which makes it relativily easy to
> !! hijack the connection without the attack being detected. It is
> !! highly advisable to turn StrictHostKeyChecking to "yes" and
> !! manually copy host keys to known_hosts.
> Are you sure you want to continue connecting (yes/no)?
>=20
>=20
> It does not matter what kind of security system you have if you dont both=
er
> to actually engage it.
Amen to that.
> Alex
--=20
Scott Francis darkuncle@ [home:] d a r k u n c l e . n e t
Systems/Network Manager sfrancis@ [work:] t o n o s . c o m
UNIX | IP networks | security | sysadmin | caffeine | BOFH | general geekery
GPG public key 0xCB33CCA7 illum oportet crescere me autem minui
--RMedoP2+Pr6Rq0N2
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org
iQIXAwUBO2cwp4gCD7rLM8ynFAMWTwf/QbeS20Atl56fpC1xv52e9GDVFu7Bw7V5
Xrrtx4c9IpbQkgjuEphxjuNH2nmACV35jDMgwNl+qccw7smFOHgdG77aaKPuEZIy
5HFQsheYLhysXlHzkx/xY7TtWSxyuL0hKGUlkud1u2vZkKpULPvRNTVJ3nqZBQWQ
zg+x1jpMYuD6ynCUgZpqbrX5EwA0eF66y7TOQp+FpAXC4EvVq8mm8Q/PcS9eHkIX
Pf3J6DG/M0Ad+EGPK/fLHdYTgjpbcKwDC2nPPIXq1ggo9AhHLaXGX4BSC9XBCsDb
vwc7f6XB7bblKC0jhQ9z6yZ6wo362wN5X4m9lxjayy8fTodXHCjBxwf/d/2G1Rmy
nOgHzY3A8U5V1eTS08MCB19NtrjvNUsLjQNP8c4bSSJuRHpeoRngRyS+Uc3dTNeT
sxACd66Fl0HIyCGC8Rh50S4SonKQloLZWBR7zl2tSLb/kqEkTrk/hvt9yr62i1JT
Dx0EHS5lzcyVjQg+EciM8LfB20SoF+dHIVMmkcmGWeDHY2ETHTXMhRWILv5r1TDi
mo98jiJH6b7E9dQYmJlfgfEeqALDZC1/mj4HWeIJ9Fv4HdshAbgiYiZ+jawHj6lq
hh5zTgOJc0E64eMQoXyETKyY71B+LRlA/q43Jw3M+1C3DfMytyuhcyjMzsXo3Svi
PKsw6WRpH34tCw==
=cYFQ
-----END PGP SIGNATURE-----
--RMedoP2+Pr6Rq0N2--
