encrypt authentication credentials with payload in the clear?
Scott Bolte
listS+openssh-unix-dev at niss.com
Sun Mar 2 00:25:23 EST 2003
Is it possible to use encryption only for authentication and
then switch to no encryption? I've looked at the code for
OpenSSH 3.5p1, cipher.c, and it looks like the answer is
no, at least for protocol 1. However, I cannot tell if that
is a deliberate design limitation of the implementation or
if it is inherent in ssh protocol 2.
My dilemma is a customer who wants to use their network IDS
to monitor all traffic. I can have a VPN tunnel to the
edge of their network, but from that point on they want the
traffic in the clear so they can monitor it.
Does anyone know of a technique that would let me satisfy
the customer's requirements?
Thank you,
Scott