Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: James Sparenberg (jameslivecam.com)
Date: Sat Dec 29 2001 - 16:55:44 CST
I can only speak from experience here but as for using OpenSSH over SSH I would have to say OpenSSH has far more advantages than disadvantages. Both in security and in response time to "security holes" On a 1 to 1 comparison I've found that they are equal in there ability to secure a box. With several (all but we are small) our servers running OpenSSH (4 Mandrake and one FreeBSD) I've had numerous attempts at break ins the last 2 years but 0 success. (Knock on wood.) In fact the only time we have been down was either from hardware failure (bad HDD) or when our upstream had a router attacked with a DoS attack. All that has been needed is paying attention to security alerts and patching holes. Most of wich occur outside of ssh, if and when they occur at all. (I patch our lone windows box weekly where as I've patched our 7.1 server for security reasons only about 3 times in the last year and a half) Don't be parinoid about OpenSSH. It works it's realiable and most imp!
ortant the "attitude" of it's developers seems to me to be a lot more sociable in nature. (maybe that's just me)
On Wed, 26 Dec 2001 14:38:30 +0200 (IST)
Tzafrir Cohen <tzafrirtechnion.ac.il> wrote:
> On Wed, 26 Dec 2001, Ng Su-Hwei Nat wrote:
> > Hi All,
> > This is my first time sending to Mandrake Mailing List.
> > I liked to enquire if anyone tried installing SSH 3.1.0 on Mandrake 8.0
> > before ?
> > Is there any problems encountered as I read there it works fine apparently
> > on Mandrake 7.2 so liked toknow how is it like on Mandrake 8.0 ...
> Not an answer to your question, but:
> Any good reason for using ssh and not openssh (obvious reasons for using
> openssh: license, and it comes with the system)
> > Also, is there any apparent security concerns with OpenSSH for Mandrake 8.0
> > as we are paranoid about it ...
> One obvious place to look at is:
> (Check for "security" on the mandrake homepage)
> Quoting the latest errata from there (MDKSA-2001:092):
> The new OpenSSH 3.0.2 fixes a vulnerability in the UseLogin option. By
> default, Mandrake Linux does not enable UseLogin, but if the
> administrator enables it, local users are able to pass environment
> variables to the login process. This update also fixes a security hole
> in the KerberosV support that is present in versions 2.9.9 and 3.0.0.
> There was a previous errata about ssh as well. It is not volnurable to a
> remote root exploit that is now circulating, but has some smaller issues
> that should be fixed.
> Tzafrir Cohen /"\
> mailto:tzafrirtechnion.ac.il \ / ASCII Ribbon Campaign
> Taub 229, 972-4-829-3942, X Against HTML Mail
> http://www.technion.ac.il/~tzafrir / \
> For help, email discuss-helpmandrakesecure.net; to unsubscribe send a
> message to discuss-unsubscribemandrakesecure.net. To visit MandrakeSecure,
> go to http://www.mandrakesecure.net/.
For help, email discuss-helpmandrakesecure.net; to unsubscribe send a
message to discuss-unsubscribemandrakesecure.net. To visit MandrakeSecure,
go to http://www.mandrakesecure.net/.