encrypt authentication credentials with payload in the clear?
James Dennis
jdennis at law.harvard.edu
Thu Mar 6 01:25:43 EST 2003
Scott Bolte wrote:
> On Tue, 4 Mar 2003 10:16:11 -0600 (CST), Ben Lindstrom wrote:
>
>>Stupidity comes in many forms. By weakening their security they think
>>they are improving it. ...
>
>
> I agree that they are taking a risk in this case. However,
> they do have a point. When all traffic is encrypted, it
> benefits those with malicious intent as much as legitimate
> users. Statistical process controls to detect aberrant
> behavior are pretty weak detection.
>
If this is what they want, why use ssh? Using SSH here will almost
definitely create a false sense of security for people who aren't
entirely sure what's going on. "Oh, our logins are encrypted? Cool." as
they probably wouldn't know the entire session can be encrypted.

I can't help but feel like if you want to watch the traffic of people's
ssh session then you are already hacked. Attacks may come in against
SSH, but if the authentication process is all that is attacked, and that
part is encrypted anyway, your NIDS won't work. What if you lock SSH
down so that people can only connect to it from approved areas? Then
also use AllowUsers/AllowGroups to lock it down to users in those areas.

I feel like sending traffic cleartext is just a bad idea across the
board. What if someone su's or logs into other systems or exposes
database account credentials to something containing personal info
and/or credit card numbers from those cleartext ssh sessions?!? You're
most likely going to accidentally expose much more than it's worth. NIDS
don't seem to work very well (false positives are out of control) and if
someone slipped past, they will most likely sniff a little (being
passive recon and all) what's going on and you're doubly screwed.
-James