Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: OpenSSH is a good choice?
From: Barrie Dempster <barrie () reboot-robot net>
Date: Mon, 20 Dec 2004 20:29:29 +0000

On Sat, 2004-12-18 at 01:49 -0200, Carlos de Oliveira wrote:
Hi there!

I am going to install OpenSSH in one of my servers, but I want to make
sure it is secure.
Does anybody know about vulnerabilites on OpenSSH, if yes, would you
like to suggest me another remote secure shell ?

OpenSSH has had a few vulnerabilities in the past but it is extremely
good from a security standpoint, the reason it's had a few vulns is that
it is commonly audited code (everyone wants to find an OpenSSH bug).
Being one of the most widely used FOSS projects gives it this advantage,
imo, being so widely audited means the code has to hold up to intense
scrutiny. This is something the OpenSSH/BSD guys have stood up to time
and time again producing good quality code, at least in regards to
security. I personally wouldn't look past it for a secure shell

Security aside it's also a very good project with massive amounts of
documentation on-line which means you can effectively manage it.

With Regards..
Barrie Dempster (zeedo) - Fortiter et Strenue


[ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ]

Attachment: signature.asc
Description: This is a digitally signed message part

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]