Firewall Wizards mailing list archives
RE: What's the deal with SSH? (was: PIX software release 5.2)
From: "Robert Purdy" <liteyear () ihug co nz>
Date: Tue, 26 Sep 2000 21:57:36 +1200
SSH serves to help prevent someone from snooping on the packet stream passing between two computers. This includes the authentication process, which is why it is so widely favored over telnet (because telnet does its authentication via plaintext). It should be noted, however, that all SSH does is secure the datastream between the two endpoints. There are a ton of ways the security of the actual session could still be broken. Still, it's far better than telnet.
Does this mean that if a box is compromised the traffic can still be monitored? Say users are accessing a *nix box via sshd/ssh (opensource version). If the box is compromised but the attacker does not have root access, is it possible for the attacker to snoop the traffic between a user running as root via ssh? I was of the understanding that the total session was encrypted. Still that was assumed - ass (of) u (and) me Regards, Rob Purdy _______________________________________________ Firewall-wizards mailing list Firewall-wizards () nfr net http://www.nfr.net/mailman/listinfo/firewall-wizards
Current thread:
- RE: What's the deal with SSH? (was: PIX software release 5.2) shewitt (Sep 22)
- RE: What's the deal with SSH? (was: PIX software release 5.2) Carson Gaspar (Sep 22)
- <Possible follow-ups>
- RE: What's the deal with SSH? (was: PIX software release 5.2) sean . kelly (Sep 25)
- RE: What's the deal with SSH? (was: PIX software release 5.2) Robert Purdy (Sep 26)