Speaking of mail etc

Konrad konrad at figment.math.uno.edu
Tue Jul 29 22:01:24 EDT 2003


Ah, so that's a closed system. I thought the question was in regard to an
enterprise solution - where there are many users that just want mail - no
shell, and not needing such a complex setup for an average user while still
being secure.


Regarding your comment about "anyone can access the port and try to login by
guessing a password, whereas with ssh, someone would have to first break
ssh to get in." that seems wrong. Anyone can access the SSH port and also
guess the password. How does that correspond to "break SSH"?

If you mean that you have your IP listed in HostsAllow in sshd.conf - you
can do the same in hosts.allow (combined with hosts.deny).


On 29 Jul 2003, John Abreau wrote:

> On Sat, 2003-07-26 at 13:21, Konrad wrote:
> 
> > Why not use POP3/IMAP/sendmail with SSL instead of creating the SSH
> > tunnel?
> 
> I have one port open into my home server: port 22, for ssh. It's 
> straightforward to use, and does the job well. The question isn't 
> "Why not use SSL"; rather, the question is "Why use SSL". 
> 
> In order to use SSL, I have to open up another port, which would 
> make my system that much more complex to maintain. In addition, 
> by using SSL, anyone can access the port and try to login by guessing 
> a password, whereas with ssh, someone would have to first break 
> ssh to get in. In order to do that, they'd have to either get a copy 
> of my id_dsa private key and guess my passphrase, or find an exploit 
> for openssh and use it before I have a chance to upgrade openssh 
> on my server. 
> 
> -- 
> John Abreau / jabr at abreau.net / http://www.abreau.net 
> (PGP) D5C7B5D9 / (FP) 72 FB 39 4F 3C 3B D6 5B E0 C8 5A 6E F1 2C BE 99
> 
> 



