[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] ssh access

To: "Paquette, Trevor" <TrevorPaquette@metronet.ca>
Subject: Re: [FW1] ssh access
From: Judson Main <judson@btg.com>
Date: Tue, 09 Nov 1999 12:28:34 -0500
Cc: 'Lance Spitzner' <lance@ksni.net>, Ivan Fox <ifox100@hotmail.com>, fw-1-mailinglist@lists.us.checkpoint.com


I would take strong objection to its being the future of SSH.
Their pricing is outrageous for ssh servers.  To secure a small
shop would cost at least $10,000 in software.  Remember,
the price of $500 applies per individual server.  Either you're
going to turn telnet off everywhere, or not.  If you turn it off
everywhere, then you have to pay a steep price.

A lump sump corporate license would be a better solution.
Most tech folks would have a hard time convincing their
managers to spend $500 per server for a different kind of
telnet (mine immediate manager understands, but his don't -
and there's no way in hell I could every get a PO through!)

.02

Jud.

"Paquette, Trevor" wrote:

> Actually SSH version 1.X is not free for commercial use either.
>
> I talked DIRECTLY to DataFellows regarding SSH 1.0
> about this. If SSH 1.0 is used in any manner, shape or form in a
> commercial environment, then it must be licensed. (whether it
> directly or indirectly generates revenue.)
>
> According to DataFellows, the license was written by Finnish
> lawyers, in their language and was translated into English. The
> translation lost some of it's original meaning. Because of this,
> they have been reluctant to enforce the license.
>
> SSH2 is technically superior to SSH1, and is the future of SSH.
> It is faster and even has sftp. I for one, have told our senior
> folks that with SSH2 I can lock down the servers even more. And
> at a dollar cost of (approx) $500, less then 2 dollars per day
> in a year, I (and they) can sleep better.
>
> > -----Original Message-----
> > From: Lance Spitzner [SMTP:lance@ksni.net]
> > Sent: Sunday, November 07, 1999 8:42 PM
> > To:   Ivan Fox
> > Cc:   fw-1-mailinglist@lists.us.checkpoint.com
> > Subject:      Re: [FW1] ssh access
> >
> >
> > On Sun, 7 Nov 1999, Ivan Fox wrote:
> >
> > > We are thinking to use SSH, but have no experience with it or Unix at
> > all.
> >
> > Alot of people have been asking me about ssh and how to use it in
> > a firewalled environment.  I may have a topic for my next whitepaper :)
> > To be dead honest, I'm still learning about ssh every day, it has
> > many powerful options.
> >
> > > Am I correct to say that there is no SSH for Microsoft NT?
> >
> > I believe there are several options for sever based ssh on NT,
> > however I have never used any.  I know for a fact there are many
> > client based ssh options for Windows and NT, I'm personally a big
> > fan of SecureCRT from http://www.vandyke.com
> >
> > > However, I can setup a UNIX server so that users can "ssh" to it and
> > then to
> > > NT and/or other UNIX servers?
> >
> > That is definitely an option, you would be building a ssh proxy.
> > This adds an addtional layer of security as you have central point
> > of inboud traffic, and can log who is accessing what.
> >
> > > What if the NT servers are in DMZ, would users use the SSH server as a
> > > spring board to other servers?
> >
> > Once again, that is an option with your ssh proxy server.  It really
> > depends on your network, what traffic is going where, and your security
> > policy.
> >
> > > With implementation of SSH, I can limit users just using FTP, but not
> > > TELNET, through OS?!
> >
> > I'm a little confused by this question.  ssh can be used as an encrypted
> > replacement for telnet.  It also has scp, which is an encrypted method
> > of copying files.
> >
> > For more info on ssh, download the source and check out the docs.  You
> > can find ssh at http://metalab.unc.edu/pub/packages/security/ssh/
> >
> > I recommend version 1.2.27.  Version 2.x and above has licensing issues
> > (ie, not free).
> >
> > Lance
> >
> >
> >
> > ==========================================================================
> > ======
> >      To unsubscribe from this mailing list, please see the instructions at
> >                http://www.checkpoint.com/services/mailing.html
> > ==========================================================================
> > ======
>
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: [FW1] FTP on High Ports
Next by Date: [FW1] Installing Security Policy
Prev by thread: RE: [FW1] ssh access
Next by thread: [FW1] Checkpoint Firewall 4.0
Index(es):
- Date
- Thread