encrypt authentication credentials with payload in the clear?

James Dennis jdennis at law.harvard.edu
Tue Mar 4 01:45:05 EST 2003

>>- Ben
> 	Why not?
> 	Network managers that want to run NIDS can hardly be unique.

Shouldn't the IDS be detecting known attacks, not ssh traffic? Unless 
the attack is directed towards sshd (in which you won't get very far, 
Thanks Niels) the IDS should behave as normal. I think most of the 
attacks I remember regarding SSH attacked the authentication process 
anyway, so encrypting that and nothing else doesn't actually help you 
much. You'll only leave your users vulnerable to sniffing 
commands/passwords/directory structures/etc.. and possibly injection 
commands like what hunt used to do for telnet 

 > 	As long as users are comfortable with their traffic being
 > 	visible, having the authorization exchange protected is a
 > 	major step up from the traditional rsh.

SSH is not rsh. What users would be comfortable with the traffic being 
visible?!? If thats what you _really_ want, maybe look into telnet with 


More information about the openssh-unix-dev mailing list