Re: Legacy option for key length?


On Tue, Jan 2, 2018 at 11:13 AM, Cedric Blancher
<cedric.blancher@xxxxxxxxx> wrote:

> There is a simple solution: Hardware certified per MIL standards (US
> DOD MIL standards) support kerberized telnet, so ssh can be declared
> as "not needed" / "obsolete" for that purpose.

And "if wishes were fishes, we'd all swim in riches". Kerberized
*anything* requires a Kerberos server, a really reliable server or set
of servers, to manage the credentials. Many "kerberized telnet" setups
don't actually use the Kerberized telnet protocols on port 6623, they
just use the telnetd on port 23 of the telnetd server to authenticate
the user against the Kerberos server. And many obsolete setups don't
even bother with *that*. Been there, done that, should have gotten
the T-shirt.

I'm afraid that many admins, even in DoD environments, fail to bother
with setting up these kinds of basic protections. Explaining the
distinctions can be... adventuresome.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev


