Security Basics mailing list archives
AW: SSH / Witch options are secure ??
From: <MatzeGuentert () gmx de>
Date: Sat, 16 Aug 2003 22:16:53 +0200
Are md5 stored passwords more secure than des ones?? Installing suse 8 from scratch enables des passwords per default. This means that I can't use md5 for ssh, doesn't it?

Sincerely
Matthias Guntert

-----Original Message-----
From: Chris Ess [mailto:azarin () tokimi net]
Sent: Saturday, 16 August 2003 01:32
To: MatzeGuentert () gmx de
Cc: security-basics () securityfocus com
Subject: Re: SSH / Witch options are secure ??

> Hello list
>
> I have just set up a suse 8.0 isdn router and want to update sshd. Which options do you choose via ./configure to be as secure as possible? Is the default installation secure enough? I have downloaded the newest release 3.6.1p2.
>
> I have read that OpenBSD with SSHD 2.9.9 - 3.3 is vulnerable with these options enabled.
> -- SSH2 support
> -- Challenge-response authentication enabled (reported by exploit, sort of)
> -- SKEY and/or BSDAUTH defined at compile time (reported by exploit)
>
> I know I am paranoid 8^) but this will be the only reachable service from outside. Any hints on this?

SSH v2 is more secure than SSH v1, or so I'm told. So, if you are paranoid about security, I suggest requiring SSH v2.

I also suggest requiring key-based authentication and enabling some sort of mechanism to deny SSH connections except from certain IPs. However, both of these can be set within the sshd_config.

To answer your initial question, I use:

./configure --with-pam --with-md5-passwords --with-tcp-wrappers

This is because my machine uses PAM and MD5 passwords... And TCP wrappers is an all around good idea, I think. (I could be wrong.)

I hope this helps.

Sincerely,
Chris Ess
System Administrator / CDTT (Certified Duct Tape Technician)
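
The sshd_config settings discussed in the quoted reply (SSH v2 only, key-based authentication, and the challenge-response option named in the original question) can be checked mechanically. The following Python is an added example, not part of either poster's message; the function names, the rules table and both sample configurations are constructed for illustration, and the defaults are assumed to match the OpenSSH 3.x-era sshd_config(5). IP restrictions enforced through TCP wrappers live outside sshd_config and are not covered.

```python
# Added example: audit sshd_config text against the advice quoted above.
# ASSUMPTION: defaults are those of OpenSSH 3.x-era sshd_config(5).
RULES = {  # keyword: (assumed compiled-in default, wanted value)
    "protocol": ("2,1", "2"),                        # SSH v2 only
    "pubkeyauthentication": ("yes", "yes"),          # key-based logins on
    "passwordauthentication": ("yes", "no"),         # password logins off
    "challengeresponseauthentication": ("yes", "no"),
}

def effective_settings(text):
    """Parse sshd_config text; keywords are case-insensitive, first one wins."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment: the default stays in force
        parts = line.split(None, 1)
        value = parts[1].strip() if len(parts) > 1 else ""
        seen.setdefault(parts[0].lower(), value.lower())
    return seen

def audit(text):
    """Return [(keyword, effective_value, wanted_value)] for each deviation."""
    cfg = effective_settings(text)
    findings = []
    for key, (default, want) in RULES.items():
        got = cfg.get(key, default)
        if got != want:
            findings.append((key, got, want))
    return findings

# Constructed sample: the later "Protocol 2" does not override the first
# Protocol line, and the commented-out option leaves the default enabled.
SAMPLE_WEAK = """\
Port 22
Protocol 2,1
Protocol 2
PasswordAuthentication no
#ChallengeResponseAuthentication no
"""
# Constructed sample with every audited keyword set explicitly.
SAMPLE_HARDENED = """\
Protocol 2
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
"""

if __name__ == "__main__":
    for key, got, want in audit(SAMPLE_WEAK):
        print(f"{key}: effective value '{got}', wanted '{want}'")
```

Commented-out lines are the common trap here: a `#ChallengeResponseAuthentication no` line changes nothing, so the audit reports the default rather than the value in the comment.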