[cvsnt] Re: sspi vs. ssh ?!?
Tony Hoyle
tmh at nodomain.org
Sat Nov 8 10:16:15 GMT 2003
On Sat, 08 Nov 2003 01:01:30 +0100, Ralf Steinhaeusser
<stralf at gmx.net> wrote:
>On the other hand I read SSH is most secure.
>My question: How insecure is sspi? Does it only use the login-password
>(which can be very short) as security?
>And is it suitable for my needs? (e.g. will it work if the server sits
>behind a router?)
SSPI is secure enough provided the clients are all NT/2000/XP and you
switch encryption on. NTLMv2 has weaknesses but it'll withstand
casual attempts to break it.
If you're really paranoid you can use sserver which is a pserver
session encrypted in an SSL tunnel - pretty unbreakable unless the
client machine is compromised.
>Or is setting up ssh very easy (this section is missing in the doc's I
>found) and can this "commit-as-System" - problem be solved easily?
Setting up ssh is easy enough but the commit-as-System stuff is a
limitation that nobody has found a way around yet.
Tony
More information about the cvsnt
mailing list