encrypt authentication credentials with payload in the clear?
James Dennis
jdennis at law.harvard.edu
Tue Mar 4 01:45:05 EST 2003
>>No.
>>
>>- Ben
>
>
> Why not?
>
> Network managers that want to run NIDS can hardly be unique.

Shouldn't the IDS be detecting known attacks, not ssh traffic? Unless
the attack is directed towards sshd (in which case you won't get very far,
thanks Niels) the IDS should behave as normal. I think most of the
attacks I remember regarding SSH attacked the authentication process
anyway, so encrypting that and nothing else doesn't actually help you
much. You'll only leave your users vulnerable to sniffing
commands/passwords/directory structures/etc., and possibly injection
commands like what hunt used to do for telnet
(http://lin.fsid.cvut.cz/~kra/index.html).

> As long as users are comfortable with their traffic being
> visible, having the authorization exchange protected is a
> major step up from the traditional rsh.

SSH is not rsh. What users would be comfortable with the traffic being
visible?!? If that's what you _really_ want, maybe look into telnet with
Kerberos.

-James