Hi all,
I was wondering: I know that ssh is crap once you look at what it
actually does (overcomplex configuration/encapsulation/protocol), so is
there any alternative already in existence? If not, I have a proposal
for one: Shell over SSL.
The reason for SSL is that AFAIK most of the suck in it
Thorsten Glaser said:
>>> (The frontend needs not be graphical, of course.)
>>
>>Why?
>
>Erm… because graphical stuff sucks?
Sorry, I managed to miss the "not" part and wasted your time. Sorry again.
--
Dmitrij D. Czarkoff
On Sun, Nov 03, 2013 at 07:46:25AM +0100, Roberto E. Vargas Caballero wrote:
> > Once there was one that was trying to brute force my ssh, but, it was
> > sent very fast to blacklist.
> > I looked up a bit, and it was a known (found on web list of banned
> > ip's) hackers based on Russia.
>
> Only
On Sun, 3 Nov 2013 12:26:52 +0200
sin wrote:
> Word, I get something like ~100 attacks per few minutes. I rate limit
> it at the firewall level.
How effective is it to actually bind sshd to another port (like 1337 for
instance)?
Is that a sane defense against those attacks or have the
attackers
On Sun, Nov 03, 2013 at 09:47:34AM +0100, FRIGN wrote:
> On Sun, 3 Nov 2013 12:26:52 +0200
> sin wrote:
>
> > Word, I get something like ~100 attacks per few minutes. I rate limit
> > it at the firewall level.
>
> How effective is it to actually bind sshd to another port (like 1337 for
> instan
On 2013-11-03 09:47, FRIGN wrote:
> How effective is it to actually bind sshd to another port (like 1337 for
> instance)?
> Is that a sane defense against those attacks or have the
> attackers advanced in the last few years to to a broader portscan?
In my experience, it cuts it down quite signific
Greetings.
On Sun, 03 Nov 2013 12:43:50 +0100 Markus Wichmann wrote:
> Well, how is it? Critique? Endorsement?
Use ssh, it’s all there. The deployment vs. suck rate is too low in com‐
parison to what could go wrong implementing such a critical feature
in an insecure way.
Sincerely,
Chris
On Sun, 3 Nov 2013 19:08:16 +0800
Chris Down wrote:
> If you do this, you should make sure that you run on a port <1024,
> though, otherwise someone could find some way to make your daemon crash
> and masquerade as it (which is still protected a little assuming that
> your SSH host key is not rea
On 2013-11-03 12:43, Christoph Lohmann wrote:
> Use ssh, it’s all there. The deployment vs. suck rate is too low in com‐
> parison to what could go wrong implementing such a critical feature
> in an insecure way.
I agree about the last point, but I'm not sure deployment should factor
into it
On Sun, 3 Nov 2013 19:54:41 +0800
Chris Down wrote:
> Cryptography is a niche. Let the cryptographers do their business, I am
> not knowledgeable enough to say what sucks and does not suck in that
> arena (other than saying that OpenSSL is one of the worst pieces of shit
> I have ever had to deal
Greetings.
On Sun, 03 Nov 2013 12:59:36 +0100 Chris Down wrote:
> On 2013-11-03 12:43, Christoph Lohmann wrote:
> > Use ssh, it’s all there. The deployment vs. suck rate is too low in com‐
> > parison to what could go wrong implementing such a critical feature
> > in an insecure way.
>
> I
On 2013-11-03 11:07, FRIGN wrote:
> I could imagine a fork/rewrite based on OpenSSL's crypto-code, called
> "s3l" ("suckless ssl"), but see the implicated problems with it. You
> can't just rewrite software without having at least one real
> specialist to check the code. Looking at OpenSSL, it ha
gnutls?
--
Sylvain
On 2013-11-03 15:18, Sylvain BERTRAND wrote:
> gnutls?
I'm guessing to say that, you must have never used the horror that is
GnuTLS :-)
PolarSSL is okay-ish, it's GPL though.
pgpAn3Qh9vCuo.pgp
Description: PGP signature
>> gnutls?
>
> I'm guessing to say that, you must have never used the horror that is
> GnuTLS :-)
I used it a long time ago, nothing bad to say about it though. I
haven't read its code.
> PolarSSL is okay-ish, it's GPL though.
Good for me, I thought it was *BSD-like.
--
Sylvain
On Sun, Nov 03, 2013 at 12:24:38PM -0500, Bobby Powers wrote:
> There is a rather nice and complete looking SSH implementation in go:
> http://godoc.org/code.google.com/p/go.crypto/ssh
Unfortunately, this is not C, this is a high level language (a
naughty one: its syntax depends on an internal gar
On Sun, Nov 3, 2013 at 6:52 PM, Sylvain BERTRAND wrote:
> On Sun, Nov 03, 2013 at 12:24:38PM -0500, Bobby Powers wrote:
>> There is a rather nice and complete looking SSH implementation in go:
>> http://godoc.org/code.google.com/p/go.crypto/ssh
>
> Unfortunately, this is not C, this is a high leve
Greetings.
On Mon, 04 Nov 2013 06:42:40 +0100 Jacob Todd wrote:
> On Sun, Nov 3, 2013 at 6:52 PM, Sylvain BERTRAND wrote:
> > On Sun, Nov 03, 2013 at 12:24:38PM -0500, Bobby Powers wrote:
> >> There is a rather nice and complete looking SSH implementation in go:
> >> http://godoc.org/code.google
18 matches
Mail list logo
