encrypt authentication credentials with payload in the clear?

Scott Bolte listS+openssh-unix-dev at niss.com
Sun Mar 2 00:25:23 EST 2003

	Is it possible to use encryption only for authenticate and
	then switch to no encryption? I've looked at the code for
	OpenSSH 3.5p1, cipher.c, and it looks like the answer is
	no, at least for protocol 1. However, I cannot tell if that
	is a deliberate design limitation of the implementation or
	if it is inherent in ssh protocol 2.

	My dilemma is a customer who wants to use their network IDS
	to monitor all traffic.  I can have a VPN tunnel to the
	edge of their network, but from that point on they want the
	traffic in the clear so they can monitor it.

	Does anyone know of a technique that would let me satisfy
	the customer's requirements?

		Thank you,


More information about the openssh-unix-dev mailing list