
Re: [cobalt-users] FIX - can't su to root, email stopped working, gui stopped working, postgres database is down, virtual sites disappeared



>>> Gerald, you are correct.  FTP can be reconfigured to allow root logins, but
>>> that's totally independent from the SSH config file.  Incidentally, I
>>> generally consider the fact that the openssh PKG allows root login by
>>> default to be a feature, not a hole.  I do consider the fact that it allows
>>> SSH protocol 1 traffic by default to be a hole though and I plug that
>>> immediately after an install.  My 2 cents.
>> 
>> Correct me if I'm wrong, but I don't think the SSH1 protocol is any more
>> unsafe than SSH2 as long as it's the latest stable/secure release. I don't
>> really have any links to back up my claim but I believe that I read this
>> somewhere before. Maybe even this list...
> 
> I am subscribed to the ssh list and most people on the list seem to think that
> SSH1 is not secure [enough]

Thanks Gerald. David Lucas was nice enough to point me to a post from Brent
Sims. Somehow I must have missed this thread, and it is certainly sobering.

http://list.cobalt.com/pipermail/cobalt-users/2002-February/062090.html

>} If you've got a sniffer that can read SSL and SSH encrypted traffic
>} please take your invention to CERT and get it validated as such
>} <smile>.  Because if you can sniff and read passwords, etc., in real
>} time, then you've got an amazing invention.
>
>Hi Jeff,
>
>         I did not invent it. I did, however, download it at the
>below listed URL and so can you. While you can shoot at me for
>neglecting to mention that it currently can only sniff SSH1, I
>suspect there are a whole lot of people on this list using SSH1, and
>"sniff SSH" ettercap most certainly can do:
>
>         http://ettercap.sourceforge.net/

-- 
http://www.bizmanuals.com
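
Added example, not part of the original posts: a small check for whether an sshd_config still accepts SSH protocol 1, the default the thread says gets plugged right after an install. The function names and sample files are hypothetical, and a config with no Protocol line is assumed to fall back to that package default.

```shell
#!/bin/sh
# Audit an sshd_config for SSH protocol 1 support (added example).

# effective_protocol FILE
# Prints the value of the first uncommented Protocol keyword, or nothing.
# sshd keeps the first value it reads for a keyword; keywords are
# case-insensitive and may be separated from the value by "=".
effective_protocol() {
    awk '
        { sub(/#.*/, ""); sub(/=/, " ") }      # drop comments, normalise "="
        tolower($1) == "protocol" {
            v = ""
            for (i = 2; i <= NF; i++) v = v $i # join "2, 1" into "2,1"
            print v
            exit                               # first occurrence wins
        }
    ' "$1"
}

# allows_protocol_1 FILE
# Returns 0 when protocol 1 is accepted, 1 when only protocol 2 is.
allows_protocol_1() {
    proto=$(effective_protocol "$1")
    # Assumption: no Protocol line means the package default applies,
    # which per the thread above still allows protocol 1.
    if [ -z "$proto" ]; then return 0; fi
    case ",$proto," in
        *,1,*) return 0 ;;
        *)     return 1 ;;
    esac
}

demo() {
    dir=$(mktemp -d)
    # Constructed sample configs, not taken from any real host.
    printf '%s\n' '#Protocol 2,1' 'PermitRootLogin yes' > "$dir/default.conf"
    printf '%s\n' 'Port 22' 'protocol 2' 'Protocol 2,1' > "$dir/hardened.conf"
    printf '%s\n' 'Protocol 2,1 # legacy clients'       > "$dir/legacy.conf"
    for f in "$dir"/*.conf; do
        if allows_protocol_1 "$f"; then
            echo "$(basename "$f"): protocol 1 ENABLED"
        else
            echo "$(basename "$f"): protocol 2 only"
        fi
    done
    rm -rf "$dir"
}
demo
```

On a host, point allows_protocol_1 at the sshd_config the daemon actually reads and restart sshd after changing the Protocol line.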