encrypt authentication credentials with payload in the clear?

Scott Bolte listS+openssh-unix-dev at niss.com
Fri Mar 7 00:11:54 EST 2003

On Wed, 5 Mar 2003 09:47:19 -0500, "Loomis, Rip" wrote:

> If SSH did support a mode where authentication information was
> encrypted but terminal sessions were not, it would satisfy a
> real world requirement IMHO.  What's not clear, though, is whether
> that requirement is worth satisfying in the "stock" portable
> OpenSSH.
> 	...
> That's a valid concern--as I said, though, the places that want
> this sort of functionality generally have a good reason (either
> legal, or based on a full-up risk and threat assessment) why they
> want to collect it.  It might seem strange, but it does happen.

	One reason I really want it in the 'stock' OpenSSH is because
	it enables a migration path. We can satisfy an organization
	who's current mindset requires monitorable traffic. Then,
	as we educate them as to the risks they are taking, and
	address their other requirements in a more elegant manner,
	we move them towards a more secure use of ssh.


More information about the openssh-unix-dev mailing list