AW: SSH / Witch options are secure ??

[<MatzeGuentert () gmx de>]

Are md5 stored passwords more secure than des ones??
Installing suse 8 from scratch enables des passwords per default. This
means that I cant use md5 for ssh, doesn't it?

Sincerely 

Matthias Guntert

> -----Ursprungliche Nachricht-----
> Von: Chris Ess [mailto:azarin () tokimi net]
> Gesendet: Samstag, 16. August 2003 01:32
> An: MatzeGuentert () gmx de
> Cc: security-basics () securityfocus com
> Betreff: Re: SSH / Witch options are secure ??
>
> > Hello list
> >
> > I have just set up a suse 8.0 isdn router and want to update sshd.
Which
> > options do you choose via ./configure to be as secure as possible?
> > Is the default installation secure enough? I have downloaded the
newest
> > release 3.6.1p2.
> >
> > I have red that OpenBSD with SSHD 2.9.9 - 3.3 is vulnerable with
this
> > options enabled.
> >
> > -- SSH2 support
> > -- Challenge-response authentication enabled (reported by exploit,
sort
> > of)
> > -- SKEY and/or BSDAUTH defined at compile time (reported by exploit)
> >
> > I now I am paranoid 8^) but this will be the only reachable service
from
> > outside. Any hints on this?
>
> SSH v2 is more secure than SSH v1, or so I'm told.  So, if you are
> paranoid about security, I suggest requiring SSH v2.
>
> I also suggest requiring key-based authentication and enabling some
sort
> of mechanism to deny SSH connections except from certain IPs.
However,
> both of these can be set within the sshd_config
>
> To answer your initial question, I use:
> ./configure --with-pam --with-md5-passwords --with-tcp-wrappers
>
> This is because my machine uses PAM and MD5 passwords... And TCP
wrappers
> is an all around good idea, I think.  (I could be wrong.)
>
> I hope this helps.
>
> Sincerely,
>
>
> Chris Ess
> System Administrator / CDTT (Certified Duct Tape Technician)


---------------------------------------------------------------------------
----------------------------------------------------------------------------