[cvsnt] Re: sspi vs. ssh ?!?

Tony Hoyle tmh at nodomain.org
Sat Nov 8 10:16:15 GMT 2003


On Sat, 08 Nov 2003 01:01:30 +0100, Ralf Steinhaeusser
<stralf at gmx.net> wrote:


>On the other hand I read SSH is most secure.
>My question: How insecure is sspi? Does it only use the login-password
>(which can be very short) as security?
>And is it suitable for my needs? (e.g. will it work if the server sits
>behind a router?)

SSPI is secure enough provided the clients are all NT/2000/XP and you
switch encryption on.  NTLMv2 has weaknesses but it'll withstand
casual attempts to break it.

If you're really paranoid you can use sserver which is a pserver
session encrypted in an SSL tunnel - pretty unbreakable unless the
client machine is compromised.

>Or is setting up ssh very easy (this section is missing in the doc's I
>found) and can this "commit-as-System" - problem be solved easily?

Setting up ssh is easy enough but the commit-as-System stuff is a
limitation that nobody has found a way around yet.

Tony



More information about the cvsnt mailing list