SSH and security

uhlar at fantomas.sk
Tue Apr 18 12:54:08 CEST 2000


Petr Dressler <doktor at pz.cz> wrote:
-> I have RH6.2 installed on Inet's server, and since I have almost no
-> physical access to the server, I am condemned to using SSH.
-> Some people say I'm paranoid, but I just don't want anyone to
-> wreck it on me, so I'm asking:

-> Which protocol should I use, which one is usable and secure?
-> The choices are DES, 3DES, Blowfish and RC4.
-> At the moment I use 3DES, but I'm not sure it's the real deal.

rc4 is weak, I recommend blowfish or 3des, or possibly idea if it were available...

BLOWFISH
========

Bruce Schneier's block cipher that was designed to be a fast and free
alternative to existing encryption algorithms. It is unpatented and
license-free. SSH version uses a 128-bit key for Blowfish (the
algorithm allows anything from 32 to 448 bits).

Performance on a pentium machine is about 88% of "none" encryption.

You can disable it by giving the --without-blowfish option to
configure. It is ON by default.

3DES
====

Three-key triple-DES (effective key length of about 112 bits) in inner
CBC-mode. This is the default fall back cipher that is used if the
client asks for a cipher that isn't supported by the server.

RSA private key files are encrypted by 3DES by default. (Some older
versions encrypted private key files with IDEA, and such key files may
still be around.)

Performance on a pentium machine is about 45% of "none" encryption.

You cannot disable it, because it is a mandatory cipher.


-- 
 Matus "fantomas" Uhlar, sysadmin at NEXTRA, Slovakia; IRCNET admin of *.sk
 uhlar at fantomas.sk ; http://www.fantomas.sk/ ; http://www.nextra.sk/
 "One World. One Web. One Program." - Microsoft promotional advertisement
 "Ein Volk, ein Reich, ein Fuhrer!" - Adolf Hitler
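
The quoted documentation says SSH runs 3DES "in inner CBC-mode". The Python example below is added here and is not part of the original message or of the SSH distribution; it contrasts inner CBC (three complete CBC chains, one per key) with outer CBC (one chain around a per-block encrypt-decrypt-encrypt triple) and reports which plaintext blocks change when one ciphertext bit is damaged. Assumptions: `toy_block` is a hash-based Feistel stand-in for DES, not DES itself, and the keys, plaintext and all-zero IV are constructed for the demonstration.

```python
import hashlib

BLOCK = 8                                         # DES block size in bytes
KEYS = (b"key-one!", b"key-two!", b"key-3333")    # constructed demo keys
PLAINTEXT = bytes(range(6 * BLOCK))               # constructed: six blocks

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def toy_block(key, block, decrypt=False):
    """4-round Feistel permutation on 8 bytes: a stand-in for DES, NOT DES."""
    left, right = block[:4], block[4:]
    for rnd in (range(3, -1, -1) if decrypt else range(4)):
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:4]
        left, right = right, xor(left, f)
    return right + left

def cbc(key, data, decrypt=False, cipher=toy_block):
    """One CBC chain over data whose length is a multiple of BLOCK."""
    out, prev = [], bytes(BLOCK)                  # all-zero IV (demo assumption)
    for i in range(0, len(data), BLOCK):
        blk = data[i:i + BLOCK]
        res = xor(cipher(key, blk, True), prev) if decrypt else cipher(key, xor(blk, prev))
        out.append(res)
        prev = blk if decrypt else res            # always chain on the ciphertext block
    return b"".join(out)

def three_pass(op, keys, data, decrypt=False):
    """Encrypt-decrypt-encrypt with three keys (or the inverse) using `op`."""
    for n, key in enumerate(reversed(keys) if decrypt else keys):
        data = op(key, data, decrypt ^ (n == 1))  # the middle pass runs the other way
    return data

def inner_cbc(keys, data, decrypt=False):
    """Inner CBC: three complete CBC chains, one per key."""
    return three_pass(cbc, keys, data, decrypt)

def outer_cbc(keys, data, decrypt=False):
    """Outer CBC: a single CBC chain around a per-block EDE triple."""
    ede = lambda k, blk, dec=False: three_pass(toy_block, k, blk, dec)
    return cbc(keys, data, decrypt, cipher=ede)

def damaged_blocks(mode, keys, plaintext, flip_block):
    """Flip one ciphertext bit; return indexes of plaintext blocks that change."""
    ct = bytearray(mode(keys, plaintext))
    ct[flip_block * BLOCK] ^= 0x01
    pt = mode(keys, bytes(ct), True)
    return [i for i in range(len(pt) // BLOCK)
            if pt[i * BLOCK:(i + 1) * BLOCK] != plaintext[i * BLOCK:(i + 1) * BLOCK]]
```

With outer CBC the damage stays within the hit block and the one after it; with inner CBC the middle pass is a CBC encryption during decryption, so everything from the damaged block to the end of the stream is garbled.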

