Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: OpenSSH is a good choice?
From: Carlos de Oliveira <carlos.oliv () gmail com>
Date: Tue, 21 Dec 2004 01:57:06 -0200

Thank you all for you attention!
This helps me a lot. :-)


On Mon, 20 Dec 2004 18:12:21 -0600, Kevin <kkadow () gmail com> wrote:
Nobody sitting on exploits for the current version of OpenSSH will
share them in public.

Of the available SSH servers, OpenSSH (if you deploy the latest
version, with the latest OpenSSL library, and upgrade when new
versions come out for either OpenSSL or OpenSSH) is the least likely
to have remote exploits.

The most secure deployment of OpenSSH is to run OpenSSH on OpenBSD on
an architecture with W^X hardware support (Sparc/Sparc64/AMD64).

Personally, I would be nervous about having a SSH listener on TCP/22
accessible from any Internet IP that cares to connect.  You might
consider putting your server behind some sort of IPSEC VPN if you are
feeling paranoid.

Kevin


On Sat, 18 Dec 2004 01:49:39 -0200, Carlos de Oliveira
<carlos.oliv () gmail com> wrote:
Hi there!

I am going to install OpenSSH in one of my servers, but I want to make
sure it is secure.
Does anybody know about vulnerabilites on OpenSSH, if yes, would you
like to suggest me another remote secure shell ?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault