encrypt authentication credentials with payload in the clear?

James Dennis jdennis at law.harvard.edu
Thu Mar 6 01:25:43 EST 2003

Scott Bolte wrote:
> On Tue, 4 Mar 2003 10:16:11 -0600 (CST), Ben Lindstrom wrote:
>>Stupidity comes in many forms.  By weakening their security they think
>>they are improving it.  ...
> 	I agree that they are taking a risk in this case. However,
> 	they do have a point. When all traffic is encrypted, it
> 	benefits those with malicious intent as much as legitimate
> 	users. Statistical process controls to detect aberrant
> 	behavior is pretty weak detection.
If this is what they want, why use ssh? Using SSH here will almost 
definitly create a false sense of security for people who aren't 
entirely sure whats going on. "Oh, our logins are encrypted? Cool." as 
they probably would't know the entire session can be encrypted.

I can't help but feel like if you want to watch the traffic of people's 
ssh session then you are already hacked. Attacks may come in against 
SSH, but if the authentication process is all that is attacked, and that 
part is encrypted anyway, so your NIDS won't work. What if you lock SSH 
down so that people can only connect to it from approved areas. Then 
also use AllowUsers/AllowGroups to lock it down to users in those areas.

I feel like sending traffic cleartext is just a bad idea accross the 
board. What if someone su's or logs into other systems or exposes 
database account credentials to something containing personal info 
and/or credit card numbers from those cleartext ssh sessions?!? Your 
most likely going to accidentally expose much more than it's worth. NIDS 
don't seem to work very well (false positives are out of control) and if 
someone slipped past, they will most likely sniff a little (being 
passive recon and all) whats going on and your doubly screwed.


More information about the openssh-unix-dev mailing list