Please try to configure your email client so that it performs word wrapping at around 72-78 characters. Thank you. On Tue, 2003-04-22 at 21:37, Michael Creed Jr. wrote: > I've been using SSH here to my linux box for quite a while and I > like it alot. My question though, how safe am I right out of the > box with SSH? Pretty secure, IMO. > I use PuTTY on Windows to connect to my linux box > and I never copied the public key over from the linux, so does > that mean I'm not using RSA encryption? If you connect for the first time over a trusted network (say, over your own LAN), then that's no problem. The SSH client (putty) caches the server key somewhere on the disk, and since the LAN is trusted, you know it's the correct key. From then on, you can just go ahead and connect. OTOH, if putty tells you after a while that the server key changed, that may be a sign of a man-in-the-middle attack. However, that's pretty rare, usually it's just someone who reinstalled the OS on the server. :-) > Does it also mean I'm using > insecure rsh to perform my remote logins? no > Also, when I ./configure'd my source SSH packages, I didn't have to > specify the location of OpenSSL or Zlib. Is that normal? Yes, openssh was probably smart enough to figure that out itself. OTOH, if you don't have special requirements, you can just use the binary OpenSSH package provided by your distribution, no compilation required. In the overwhelming majority of cases, that's all you'll ever need. -- Florin Andrei "The state of security in the software industry is 'don't worry, be crappy.'" - Maryann Davidson
