The ssh solutions (sftp, scp) etc. are reasonable ones for avoiding the (probably minimal) risk of a sniffed clear text password. However, there have been repeated problems with serious vulnerabilities in the ssh suite that could lead to root compromises. There have been several CERT Advisories and numerous Vulnerability Notes. The most recent advisory is: "CERT Advisory CA-2002-36 Multiple Vulnerabilities in SSH Implementations".

As a result, our internal policy is to block ssh at the firewall, opening the port on request for a limited duration and for connections only from a specific address or address range. Requests have to be made out of band and authenticated. Typically, I make the request by internal email and confirm it in person to the systems staff before I go on the road.

You may find that this level of paranoia is excessive for your organization.

John McHugh
This archive was generated by hypermail 2b30 : Fri May 09 2003 - 06:27:14 PDT