From: David Knight French <[EMAIL PROTECTED]>
Subject: Re: scp performance.
Date: Sun, 21 Jan 2001 02:20:06 -0800 (PST)
> Set up RSA/DSA public key authentication and no password will be
> needed. Then run scp unencrypted to send the previously encrypted
> data. I believe the public key authentication encrypts a challenge
> with the private key which is verified by the server decrypting with
> the public key found in authorized_hosts* or in the file pointed to
> in the authorization file (depending on whether DSA or RSA is used
> and whether the server is running OpenSSH or SSH.com). Thus, the
> only thing that would be seen on the wire is the encrypted
> challenge.
Maybe it's not a concern in this case, but won't the session be
vulnerable to session hijacking (post-authentication) if encryption is
turned off?
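
Added example (not part of the original message or of any SSH implementation): a toy Python model of the question above, comparing a receiver that trusts every packet after a one-time authentication with one that checks a per-packet MAC over a sequence number. The packet layout, the names Receiver, seal and run_demo, and the sample payloads are assumptions made for illustration; this is not the SSH wire format.

```python
import hashlib
import hmac
import os
import struct

TAG_LEN = 32  # HMAC-SHA256 output size


def seal(mac_key, seq, payload):
    """Sender side: append a MAC computed over (sequence number || payload)."""
    tag = hmac.new(mac_key, struct.pack(">I", seq) + payload, hashlib.sha256).digest()
    return payload + tag


class Receiver:
    """Server side of a toy session, after authentication has already succeeded."""

    def __init__(self, mac_key=None):
        self.mac_key = mac_key  # None models a channel with no per-packet integrity
        self.seq = 0
        self.accepted = []

    def receive(self, packet):
        if self.mac_key is None:
            payload = packet  # nothing ties this packet to the authenticated peer
        else:
            payload, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
            expected = hmac.new(self.mac_key, struct.pack(">I", self.seq) + payload,
                                hashlib.sha256).digest()
            if not hmac.compare_digest(tag, expected):
                return False  # reject: wrong key, altered payload, or replayed sequence
        self.seq += 1
        self.accepted.append(payload)
        return True


def run_demo():
    session_key = os.urandom(32)  # constructed: stands in for a key agreed at session setup
    legit = [b"put report.gpg", b"chunk-1"]  # constructed sample traffic
    foreign = b"put other-file"  # constructed packet from a party that never authenticated

    plain = Receiver()  # authenticated once, no per-packet check afterwards
    for p in legit:
        plain.receive(p)
    plain_accepts_foreign = plain.receive(foreign)

    protected = Receiver(session_key)
    sealed = [seal(session_key, i, p) for i, p in enumerate(legit)]
    for s in sealed:
        protected.receive(s)
    forged_accepted = protected.receive(foreign + b"\x00" * TAG_LEN)
    replay_accepted = protected.receive(sealed[0])  # valid tag, stale sequence number
    return plain_accepts_foreign, forged_accepted, replay_accepted
```

The point for a defender is that the authentication step alone says nothing about later packets; only a check keyed to the session and applied to every packet lets the receiver tell the authenticated peer's traffic from anything else on the wire.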