This message is extremely off topic. I'm talking about functionality in
SSH, Greg seems intent on proving how much he knows (or doesn't) about
security. I've asked Greg to discontinue his replies several times in
private e-mail. Now I'm asking him publicly. *sigh*

On Thu, Feb 04, 1999 at 01:23:32AM -0500, Greg A. Woods wrote:
> Losing secrets are the least of your problems. The real issue is that
> you've opened a fully authenticated and authorized covert channel (or
> multiples if you consider SSH's ability to tunnel connections!) for the
> untrusted client machine to do with what it pleases, and to do so
> completely without your knowledge.

Greg, you don't ever stop, do you?

Remember the point about risk analysis? Having the hardware based
encryption devices raised the standard, and makes it even harder to get in.
It also allows authentication for services which SSH does nothing for.
Can someone still get in? If the damn thing is plugged into a power plug,
never mind an Internet connection, someone can get in. The point is to
make it hard enough.
Here you are spilling "your wisdom" about how to do security, when I'm not
asking for your help, nor your wisdom (or lack) about security. Now that
I've finally explained why SSH with RSA keys isn't good enough security,
you're criticizing my scheme far beyond anything SSH can do to help.
I don't care.
This isn't about how to secure my network.
I've asked you to stop replying if you won't address my real issue.
Please do so!
[ Now back to something on topic! ]
Once again :-( the issue is that SSH/SCP should allow file transfer down an
existing connection, rather than opening a new connection to transfer the
files. Looking at the protocol, I don't see any reason why it isn't possible.
--
Joe Rhett Systems Engineer
[EMAIL PROTECTED] ISite Services
PGP keys and contact information: http://www.noc.isite.net/Staff/