Is ssh not safe?

Bruno Wolff III bruno at wolff.to
Sat Jul 24 18:04:12 UTC 2004


On Sat, Jul 24, 2004 at 12:37:23 -0500,
  Michael Sullivan <michael at espersunited.com> wrote:
> I've been following the "Hack Attempts" thread and I've come to the
> conclusion that having my router route port 22 requests through to my
> server PC is not safe.  Here's my situation.  I use my server PC for web

It is better than using telnet or ftp.

> hosting and email.  Most of my users access their accounts from outside
> the router (my network is based in my apartment and my wife and I are
> the only ones who use it here.)  I don't want users telnetting in because of
> the security risk (I don't quite understand this, but I've read about it
> in more than one place, so it's probably true), so I've enabled ssh so

With telnet, passwords are sent over the net in the clear so that people
who can see your network traffic can steal passwords. This might not be
a big risk for you, but ssh is a better way to go. sftp is an alternate
way to provide an ftp like interface that doesn't send traffic in the
clear. I don't know if there are graphical clients that work with sftp,
but if your users are using telnet they probably don't need one.

> that they can log in and change their passwords if need be.  They upload
> their web pages through FTP, supplying their username and password. 

Which again is vulnerable to sniffing.

> Spammers try to use the mail server every day - I have to read about it
> in my daily Logwatch, but I don't think they ever succeed.  I should
> probably keep a closer eye on the logs.  Is there a way for users to
> change their passwords through their FTP clients?  Or is there a safer
> way to allow them to change their passwords?

I think you want to continue to provide ssh and let them change their
passwords with the passwd command.

scp is another way to upload files that is part of the ssh suite. For
batch copying it can be easier to use than sftp.




