I have found that the Cygwin's current OpenSSH implementation is completely
workable for my Win98 client to Win98 server connection. I've been using it
for several weeks now. Others had indicated previously that SSH works on
most other platforms, so it seems that "we have arrived". The latest
experimental version even has good support for Protocol version 2 (reverse
port forwarding now works).
Dave Habermann
-----Original Message-----
From: Jerry Coker [mailto:[EMAIL PROTECTED]]
<SNIP>
> Date: Tue, 23 Jan 2001 18:49:31 -0300
> From: =?iso-8859-1?Q?Iv=E1n_Arce?= <[EMAIL PROTECTED]>
> Subject: [CORE SDI ADVISORY] Weak authentication in ATT's VNC
>
> Vulnerability report for weak authentication in ATT VNC
>
> Technical Description:
>
> 1. Man in the middle attack against client/server authentication
>
> - 'M' waits for a connection from a legit client 'C' to 'S'
<SNIP>
Thanks for posting to the list. Question: Until we can implement vnc
tunnelling via ssh for our user base (we just started using winvnc here)
will using the AuthHost registry hack, as we currently do,
(example: "-:+www.xxx.yyy") prevent 'M' from being able to 'wait for a
connection from a legit client'? TIA.
---------------------------------------------------------------------
To unsubscribe, send a message with the line: unsubscribe vnc-list
to [EMAIL PROTECTED]
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------
