Mailinglist Archive: opensuse-security (757 mails)

< Previous Next >
Re: [suse-security] remote admin: su vs login as root
  • From: Steffen Dettmer <steffen@xxxxxxx>
  • Date: Sat, 12 Jan 2002 16:54:31 +0100
  • Message-id: <20020112165431.C2618@xxxxxxxxx>
* Peter Nixon wrote on Fri, Jan 11, 2002 at 19:35 +0200:
> On Fri, 11 Jan 2002 11:53:47 +0100
> "Reto Inversini" <inversini@xxxxxxxxxxx> wrote:

> more of the ipsec capability in the native kernel, but Rusty
> said that he's never going to include it in it's current state,
> as a) buggy b) possibly/probably has remote root exploits in
> the userspace daemons
> c) doesn't hook into the rest of the kernel correctly

Yes, sometimes it seems that freeswan is not really clean and
bullet-proof. There are cases where it isn't fitting correctly
and such. Well, it's a really complex thing. The bug history of
course is not small...

> Now I ask you. What would you prefer to run as your face to the
> world?
>
> - OpenSSH

It would prefere OpenSSH for Shell-Access things. But I wouldn't
use portforwarding constructions if more than shell access is
needed.

> - FreeSwan - Which is written by a small subset of the Linux
> community, and is regarded the guy who writes the linux
> firewall code as buggy??

I would use it when I do need secure IP layer security, i.e. when
needing non-shell services.

OpenSSH lives on Application Layer. But this, you can identify
users (not machines). It's more "endpoint-endpoint" than network
level crpytography. OpenSSH allowes to fine grain permissions by
user, source and whatever. On network level this is not possible.
OpenSSH updates are much more easy (especially remotely) that
freeswan/kernel updates, makes your chance of fast reaction
greater. OpenSSH is more easy to set up correctly (especially if
you have also Windows-Clients). OpenSSH get's usually involed by
user interaction, which makes it easy to put the keys on floppies
instead of theoretically potential compromized hard disks (with
floppies, an attacker need additonally guess the timepoint when
the floppy is inserted. Well, not the after-all solution, but a
litlle better that HDDs). OpenSSH makes it more easy to use
passphrases; IPSec gets startet usually autoamtically and
transparent, which requires that some automatism can get the
plain keys without user interaction. An Attacker can use IPSec
without users notice more easy than hijacking an SSH session I
think (in case of IPSec, the attacker needs just to connect :)).

So finally I think I would use OpenSSH if possible. But if you
need network (application transparent) security, you should use
IPSec instead of OpenSSH + pppd or such non-reliable
constructions (I tried this once, and in the test environment
there were many fails without noticeable resons and so on).

oki,

Steffen

--
Dieses Schreiben wurde maschinell erstellt,
es trägt daher weder Unterschrift noch Siegel.

< Previous Next >