[ILUG] Security (Telnet vulnerability & Password cracking)
Keith Clancy
Keith.Clancy at Berlitz.ie
Thu May 10 14:50:06 IST 2001
Using SSH your password is Encrypted with a Randomly generated RSA key,
People can get your password using telnet with an app like dsniff. Get
Putty.. and get them to close the telnet port on all your boxes, it sux.
http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
It's a Windows ssh client... carry it round on a disk with you.. it's easier
:)
Bye!
"Plenty of people miss their share of happiness. Not because they never
found it, but because they didn't stop to enjoy it."
-----Original Message-----
From: ilug-admin at linux.ie [mailto:ilug-admin at linux.ie]On Behalf Of John
A. Kinsella
Sent: 10 May 2001 14:39
To: Irish Linux Users Group
Subject: [ILUG] Security (Telnet vulnerability & Password cracking)
Hi.
I've been told that a security audit is under way in some form here in UL.
The issues that have cropped up include the vulnerability of telnet & use
of password crackers.
I already knew about the first.
So to my two questions:
1) Is there a way to make ssh easy to use in the following environment: I
move from classroom to classroom here & often run up telnet under Win* to
connect to my Linux box (e.g. to copy files across to a smb share). If I
switch to ssh, do I have to carry keys round on a floppy? I presume there
is a Win* client.
2) Is my Linux passwd file really vulnerable to a password cracker
(not a dictionary attack, but genuine decryption)? Presumably this doesn't
matter if I use ssh?...
Any advice would be appreciated.
John
John A. Kinsella Ph: +353-61-202148 (Direct)
+353-61-333644 x 2148 (Switch)
Mathematics Dept. e-mail: John.Kinsella at ul.ie
University of Limerick FAX: +353-61-334927
IRELAND Web: http://jkcray.maths.ul.ie
--
Irish Linux Users' Group: ilug at linux.ie
http://www.linux.ie/mailman/listinfo/ilug for (un)subscription information.
List maintainer: listmaster at linux.ie
More information about the ILUG
mailing list