encrypt authentication credentials with payload in the clear?

Scott Bolte listS+openssh-unix-dev at niss.com
Fri Mar 7 00:18:32 EST 2003


On Wed, 05 Mar 2003 21:23:15 -0600, Nick Lange wrote:
> Afternoon everyone,
>     If everyone is entirely concerned about innocuous commands comming over
> the ssh session to the shell account, why 
> not just analyze the shell logs for analysis there?

	Shell access needs to go away IMHO. It is too easy to defeat
	audit trails if there is unfettered shell access.

	The long term direction I am trying to go is role based
	access controls using sets of public/private keys which
	gain access to a proxy command system. That would allow
	more reliable logging, with excellent access management,
	without having to worry about all the end cases a shell
	entails.

		Scott




More information about the openssh-unix-dev mailing list