FC3 Security
Jeff Kinz
jkinz at kinz.org
Wed Mar 9 18:18:51 UTC 2005
On Wed, Mar 09, 2005 at 05:46:55PM +0000, James Wilkinson wrote:
> Jeff Kinz wrote:
> > Any IT dept that equates sshd to a server is either not up to snuff
> > technically (and in a really bad way.), or they are being duplicitous.
> > (Thats another word for lying)
>
> If it's open to the outside world? Yes, I'd call that a server. There
ssh = "Secure Shell" So this is basically a terminal session thats
being encrypted (A good thing, TM) for security reasons. (yes - you can
do VNC or X over an ssh link too, that was not it major purpose and even
in those cases it is still a terminal session)
So being able to access the command line of any machine remotely
means its a server - by this definition every windows machine is also a
server. That does not match up with the apparent behavior of that local
It dept.
Perhaps the term "service" and "server" are being used interchangeably
by that local IT dept
I do major amounts of work via ssh and I do consider it a service but
I don't consider the ssh daemon to be a "server" any more than I
consider a machines ability to receive email to be a "server" rather
than a "service"
> have been remote security vulnerabilities in both OpenSSH and SSH.com's
> offerings. And I'd want to be sure that the box was being looked after,
> had sensible passwords, and was being patched promptly.
Sure. As with all boxes.
--
http://www.fedoranews.org
Jeff Kinz, Emergent Research, Hudson, MA.
More information about the fedora-list
mailing list