RE: Can SSH be used just for encrypted authentication and then let the rest of the session be unencrypted ?

Thu, 01 Feb 2001 02:00:37 -0800 

Sometimes you want the authentications encrypted to prevent outsiders from
getting the passwords, but the actual data itself is considered not
sensitive.  Or your using public key exchange to authenticate, but the data
is not sensitive.  Being able to turn off the encryption would be nice when
you have to move gigabytes across a LAN inside of the allowed backup time
window.  What I've done when I needed to do this is to lower the encryption
strength to use blowfish instead of IDEA or 3DES.  I've doubled throughput
by doing this.

-----Original Message-----
From: Aran Cox [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 31, 2001 9:18 AM
To: Bob Babcock
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: Can SSH be used just for encrypted authentication and then
let the rest of the session be unencrypted ?


On Tue, Jan 30, 2001 at 05:53:07PM -0500, Bob Babcock wrote:
> > Like my the subject states; Can SSH be used just for encrypted 
> > authentication and then let the rest of the session be unencrypted?.
> 
> I'd like to be able to do this too, but it would be easy to get in
trouble.
> Say you ssh from machine A to machine B, then from B you ssh to machine C.
> If only the authentication is encrypted, you've just sent your login
> information for machine C over the A-to-B link unencrypted.

Why wouldn't you want to encrypt the entire session?  Are your machines
so slow that it's actually an issue?  ssh makes it just as easy to 
encrypt everything, so why mess with a Good Thing?
*****************************************************************************
The information in this email is confidential and may be legally privileged.
It is intended solely for the addressee. Access to this email by anyone else
is unauthorized. 

If you are not the intended recipient, any disclosure, copying, distribution
or any action taken or omitted to be taken in reliance on it, is prohibited
and may be unlawful. When addressed to our clients any opinions or advice
contained in this email are subject to the terms and conditions expressed in
the governing KPMG client engagement letter.         
*****************************************************************************

Reply via email to