On Sun, 14 Dec 2008, Jakub Narebski wrote:
david@xxxxxxx writes:
this is really a reply to an earlier message that I deleted.
the question was asked 'what would the security people like instead of
SSH'
as a security person who doesn't like how ssh is used for everything,
let me list a couple of concerns.
ssh is default allow (it lets you run any commands), you can lock it
down with effort.
How is VPN better than that?
ssh defaults to establishing a tunnel between machines that other
network traffic can use to bypass your system. yes I know that with
enough effort and control of both systems you can tunnel over
anything, the point is that ssh is eager to do this for you (overly
eager IMHO)
How is VPN better than that?
ssh depends primarily on certificates that reside on untrusted
machines. it can be made to work with tokens or such, but it takes a
fair bit of effort.
There probably VPN differs...
sshd runs as root on just about every system
And VPN doesn't?
you aren't having the VPN software running commands passed to it by the
outside world.
[...]
The idea with using SSH was, I think, that it is easier and better to
use existing solution for authentication and authorization than roll
your own (see the case of CVS pserver, and Subversion svnserve).
I'm not saying that it's good to roll your own from scratch, you need to
use libraries that have been examined and validated, but SSH is a swiss
army knife, it's designed to do lots of things, and when you are exposing
things to the outside world you want them to be as limited as possible to
limit the damage that they can do.
David Lang
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
