encrypt authentication credentials with payload in the clear?

Scott Bolte listS+openssh-unix-dev at niss.com
Tue Mar 4 12:09:08 EST 2003

On Mon, 03 Mar 2003 09:45:05 -0500, James Dennis wrote:
> Shouldn't the IDS be detecting known attacks, not ssh traffic?

	Their concern is that the traffic, which will be remote
	service commands by the way, is completely opaque to them.
	They feel they need to monitor the internals to make sure
	it is appropriate traffic and not an unknown 3rd party using
	the cloak of encryption to hide inappropriate actions.

> SSH is not rsh. What users would be comfortable with the traffic being 
> visible?!? If thats what you _really_ want, maybe look into telnet with 
> kerberos.

	What I'm trying to do is standardize on ssh, which is fine
	with most customers. For those that want to monitor traffic
	internals, I want to still use my ssh infrastructure, albeit
	with no encryption after the authorization is complete.

	I realize it is an odd situation, but I'm not in a position
	to refuse the customer's insistence.


More information about the openssh-unix-dev mailing list