Subject: Re: FreSSH
To: NetBSD-current Discussion List <current-users@netbsd.org>
From: Charles Shannon Hendrix <shannon@widomaker.com>
List: current-users
Date: 03/09/2002 17:53:31

On Sat, Mar 09, 2002 at 12:04:43PM -0500, Greg A. Woods wrote:
> [ On Saturday, March 9, 2002 at 11:31:41 (-0500), Charles Shannon Hendrix wrote: ]
> > Subject: Re: FreSSH
> >
> > On Fri, Mar 08, 2002 at 02:46:18AM -0500, Michael G. Schabert wrote:
> > >
> > > Hehe, turn off encryption??
> > > 
> > > "alias ssh telnet"
> > 
> > No... encryption of packets, not the password handshake to establish
> > the connection.
> 
> But that's the whole point.  You may as well put your password in the
> clear on the wire if you don't use strong crypto for the entire
> connection.  If someone can see your password as it flies by then they
> can almost certainly hijack your connection.  If they can actually get
> right in the middle of your connection then they can proxy your
> connection, doing things as you, and only showing you what you think you
> should see.  You can't have it half-way and expect it still to be
> secure because it won't be.

I don't care if my vi edits and the guts of my tar files are visible
on the net.

The only thing I really care about being encrypted is my login password,
and for my own LAN, I just want the machines to verify one another.

Most of the time, I do not need each packet sent to be encrypted.

If I'm going to hop to machine A and then go on to machine B, then
of course I need everything encrypted.  Of course, if I do this, I'm
vulnerable to attacks like those used against SourceForge a few months
back.


-- 
UNIX/Perl/C/Pizza__________________________________shannon@widomaker.com
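
An added illustration, not part of the original thread or of any SSH implementation, of the distinction being argued: packets that travel in the clear but carry a per-packet HMAC over a sequence number stay readable on the wire, while altered, injected or replayed packets are rejected. It assumes a session key was already agreed in an authenticated handshake; `seal`, `unseal` and `Receiver` are hypothetical names and the traffic is constructed.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # size of an HMAC-SHA256 tag


def _tag(key: bytes, seq: int, payload: bytes) -> bytes:
    # The MAC covers the sequence number so a packet is only valid in its own slot.
    return hmac.new(key, struct.pack(">Q", seq) + payload, hashlib.sha256).digest()


def seal(key: bytes, seq: int, payload: bytes) -> bytes:
    """Cleartext payload followed by its tag: integrity, no confidentiality."""
    return payload + _tag(key, seq, payload)


def unseal(key: bytes, seq: int, packet: bytes):
    """Return the payload if the tag matches the expected sequence number, else None."""
    if len(packet) < TAG_LEN:
        return None
    payload, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    return payload if hmac.compare_digest(tag, _tag(key, seq, payload)) else None


class Receiver:
    """Hypothetical receiving end: tracks the next sequence number it will accept."""

    def __init__(self, key: bytes):
        self.key, self.seq = key, 0

    def accept(self, packet: bytes):
        payload = unseal(self.key, self.seq, packet)
        if payload is not None:
            self.seq += 1  # advance only on a verified packet
        return payload


def demo() -> dict:
    key = b"constructed-session-key"  # assumption: output of the login handshake
    rx = Receiver(key)
    p0, p1 = seal(key, 0, b"ls -l\n"), seal(key, 1, b"vi notes.txt\n")
    return {
        "visible_on_wire": b"ls -l" in p0,                  # an observer can read it
        "genuine": rx.accept(p0),
        "replayed": rx.accept(p0),                          # tag was for seq 0, not 1
        "injected": rx.accept(b"extra command\n" + bytes(TAG_LEN)),  # no key, no valid tag
        "tampered": rx.accept(b"xi" + p1[2:]),              # payload byte changed in transit
        "next_genuine": rx.accept(p1),                      # session state was not disturbed
    }


if __name__ == "__main__":
    print(demo())
```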