SSH hacked?

Steve Lamb grey at dmiyu.org
Sun Jan 18 10:56:05 UTC 2009


Gilles Gravier wrote:
> No reason to not let SSH port 22 open if the security behind it is good.
> By using knockd, you are adding an additional layer which isn't strictly
> necessary.

    At a friend's house, no key, how to log in?  And again, there is a good
reason to not leave it open.  It is the same reason for every service.  If it
isn't needed to be wide open DO NOT LEAVE IT WIDE OPEN, PERIOD!  No, I'm not
sorry about the caps.  It cannot be stated enough when such poor thinking in
terms of security is being spread as reasonable.  It boils down to this:
closing it off unless the world needs to touch it inoculates your system from
*all* past, present and *future* exploits, known or *unknown*.  Opening it up
makes it vulnerable to all present and *future* known and *unknown* problems.

    Key words are future and unknown.  If you think SSH is secure, remember
that for almost 2 *years* it wasn't.

-----
DSA-1571-1 openssl -- predictable random number generator

Date Reported:
    13 May 2008

[snip to relevant portion of the vulnerability]

    The first vulnerable version, 0.9.8c-1, was uploaded to the unstable
distribution on 2006-09-17...
-----

-- 
         Steve C. Lamb         | But who can decide what they dream
       PGP Key: 1FC01004       |      and dream I do
-------------------------------+---------------------------------------------
