AAARRRGGHHH! Re: OT: security of ssh/RSAAuthentication
Well, I need to answer myself:
On Wed, Jan 10, 2001 at 02:08:45PM +0100, Toni Mueller wrote:
> When I use RSAAuthentication, how much more or less
> secure is this compared to using normal
> ssh -l loginname host?
Answer: Using RSAAuthentication is not more secure than
other ways because this demands the usage of protocol
version 1 which appears to have a small window that
allows anyone (in the proper position) to catch the
session and snoop on it (so far goes my reading of
man sshd). There could, of course, well be some kind
of domino effect once a host is cracked where users
have empty passphrases and RSAAuthentication on.
--Toni, who types much faster than he thinks :( ++
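
The message above ties RSAAuthentication to protocol version 1. The following check of an sshd_config for both settings is an added example, not part of the original message; the sample configuration and the function names are constructed for illustration, and it relies on sshd using the first value it obtains for each keyword.

```python
import re

# Constructed sample sshd_config, not taken from the post.
SAMPLE_CONFIG = """\
# constructed example
Port 22
Protocol 2,1
rsaauthentication yes
Protocol 2
"""

# Keyword, then whitespace or '=', then the value.
LINE = re.compile(r"^\s*([A-Za-z][A-Za-z0-9]*)(?:\s*=\s*|\s+)(.*?)\s*$")

def effective_settings(text):
    """Return {keyword: value}; keywords are case-insensitive and the
    first occurrence of each keyword is the one sshd uses."""
    settings = {}
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank line or comment
        m = LINE.match(raw)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2)
        if key == "match":
            break  # conditional blocks are outside this global check
        settings.setdefault(key, value)  # later duplicates are ignored
    return settings

def audit(text):
    """List findings about protocol 1 and RSAAuthentication."""
    s = effective_settings(text)
    findings = []
    proto = s.get("protocol")
    if proto is None:
        findings.append("Protocol not set: the version default applies, check man sshd")
    elif "1" in [p.strip() for p in proto.split(",")]:
        findings.append("Protocol 1 is accepted (Protocol %s)" % proto)
        if s.get("rsaauthentication", "").lower() == "yes":
            findings.append("RSAAuthentication yes: protocol 1 RSA logins are allowed")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

The second `Protocol 2` line in the sample does not help, because the earlier `Protocol 2,1` is the value that takes effect.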