Re: [SLUG] SSH

From: steve szmidt (steve@szmidt.org)
Date: Wed Mar 16 2005 - 10:07:22 EST


On Wednesday 16 March 2005 07:31, Daniel Jarboe wrote:
> > The idea of having a ssh daemon running on windows with a tunnel into a
> > linux box gives me the creeps. All that basic security on linux lost,
> > because someone got in through windows. All you need to do is to visit
> > the wrong web page and somebody owns the windows machine. Won't take long
> > then to discover that external linux connection...
> >
> > I have a few low profile boxes that get at least one ssh hack attack
> > every 2nd day or so. Just script kiddies, but attempts just the same.
>
> That "external linux connection" is not the evil you are making it out
> to be. Typically ssh tunnels are used to encrypt network traffic of
> unencrypted protocols. A program can put its stuff into the local
> end, the tunnel encrypts that traffic before anything is sent over the
> network, then when the data reaches the other side and is off the
> network it is unencrypted so the recipient program can do something
> with it (or refuse to... whatever login/authentication mechanism the
> program uses is not bypassed). Neither program has to know anything
> about how the data is encrypted. ssh is just the data transport here,
> it doesn't mean having an open door to run any command a shell will
> allow. All you are doing is adding a layer of protection against
> prying eyes on the network.
>
> ~ Daniel

I suppose you can read that into what I said. What I said was having a tunnel
from a windows box into a linux box.

As I'm sure you know ssh can be used to make a VPN. Ssh then will not care who
enters the port once it's open. The fact is that windows is easy to hack.

Not to say that each and every use of ssh on a windows box is a liability, as
you correctly point out. Especially if you are required to log in each time.
But if you, as I reflected on with my original post, leave a port open any
program can use it.

Another fact is that a breached box is breached, and from there on it only
gets worse if there are any open remote connections available.

I also suppose that you can think that I'm speaking against ssh, which I'm
not. It's simply a comment on using a windows box in a linux network, and the
windows box becoming an open backdoor into the network. Helped by a VPN.

-- 

Steve Szmidt

"They that would give up essential liberty for temporary safety deserve
neither liberty nor safety." Benjamin Franklin

-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked
Knowledge Systems (NKS). Views and opinions expressed in messages posted are
those of the author and do not necessarily reflect the official policy or
position of NKS or any of its employees.
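Added example, not part of the original message or of the list archive: one way the Linux side can limit what a standing tunnel from a less trusted client can reach, so the tunnel is a data transport to one service and not a shell or a VPN. It assumes a current OpenSSH server; the account name "tunnel", the destination 127.0.0.1:5432 and the key material are placeholders.

```conf
# /etc/ssh/sshd_config (server side, the Linux box)

# Permissive settings, shown commented out for comparison: every account
# may get a shell, forward to any host:port, bind forwarded ports on all
# interfaces, and bring up a tun-device VPN.
#   AllowTcpForwarding yes
#   GatewayPorts yes
#   PermitTunnel yes

# Global baseline: no forwarding and no tun devices unless a Match block
# grants them.
AllowTcpForwarding no
PermitTunnel no
GatewayPorts no
X11Forwarding no
AllowAgentForwarding no

# Forwarding-only account used by the remote client ("tunnel" is a
# placeholder name). The client connects with: ssh -N -L ...
Match User tunnel
    # Only client-to-server (-L) forwards; no reverse (-R) forwards.
    AllowTcpForwarding local
    # The single destination this account may reach (placeholder value).
    PermitOpen 127.0.0.1:5432
    # No interactive terminal, and any command request runs this instead.
    PermitTTY no
    ForceCommand /bin/false
    # No layer-3 VPN over this account.
    PermitTunnel no

# ~tunnel/.ssh/authorized_keys (one line per key; key body is a placeholder)
# "restrict" turns off pty, X11, agent and port forwarding; forwarding is
# then re-enabled for exactly one destination.
#   restrict,port-forwarding,permitopen="127.0.0.1:5432" ssh-ed25519 <PUBLIC-KEY-PLACEHOLDER> tunnel@client
```

Validate the file with "sshd -t" before reloading the daemon. Any program on the client can still connect to the local end of the forward, but it reaches only the one permitted service, which still applies its own authentication.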



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 16:12:44 EDT