encrypt authentication credentials with payload in the clear?
David Woodhouse
dwmw2 at infradead.org
Wed Mar 5 03:42:17 EST 2003
On Tue, 2003-03-04 at 16:16, Ben Lindstrom wrote:
> In any respects, RFC strongly discourages no encryption (none
> OPTIONAL no encryption; NOT RECOMMENDED). So I doubt we will
> see -c none for v2 protocol.
Nevertheless, it's not _unconditionally_ stupid. Consider, for example,
Host *.mynet.internal
ProxyCommand ssh -c none -C bastion.mynet.external netcat %h %p
When the client is a 200MHz StrongARM-based PDA, running
'ssh mail.mynet.internal exec imapd' to get at its mail server,
there's not a great deal of point in using up its CPU and battery in
encrypting the traffic twice, when once would suffice perfectly well.
--
dwmw2
More information about the openssh-unix-dev
mailing list