Re: Can SSH be used just for encrypted authentication and then let the rest of the session be unencrypted ?

[Pierre Abbat]

On Thu, 01 Feb 2001, David Bishop wrote:
>Well, to replicate what I assume a lot of people here do (i.e., maintain web
>servers/ftp servers) it is crucial that you limit who can upload to the
>machine, but not who sees what is *on* the machine.  So the fact that I'm
>uploading a new index.html to my machine isn't sensitive at all, anyone who
>goes to my box can see that.  However, I obviously don't want just anyone to
>be able to upload to my machine.  To be honest, that is a *lot* more common
>for me than having actual sensitive data.  If I didn't know that it would be
>taken advantage of by script kiddies and idiots, I would open up my whole
>machine to the 'net, cuz I frankly have nothing on there that I care if
>anyone else sees.  It's just limiting who can *change* it that I care about.

What I would do in this case, where the data have to go fast and can go in the
clear but the authentication must be encrypted, is use rsync without ssh and
set a password on the module. The password will be authenticated with a
challenge-response protocol, then rsync will transmit whatever part of the data
has changed.

phma