Re: Can SSH be used just for encrypted authentication and then let the rest of the session be unencrypted ?

[�smund Skj�veland]

> Well, to replicate what I assume a lot of people here do (i.e., maintain web
> servers/ftp servers) it is crucial that you limit who can upload to the
> machine, but not who sees what is *on* the machine.  So the fact that I'm
> uploading a new index.html to my machine isn't sensitive at all, anyone who
> goes to my box can see that.  However, I obviously don't want just anyone to
> be able to upload to my machine.  To be honest, that is a *lot* more common
> for me than having actual sensitive data.  If I didn't know that it would be
> taken advantage of by script kiddies and idiots, I would open up my whole
> machine to the 'net, cuz I frankly have nothing on there that I care if
> anyone else sees.  It's just limiting who can *change* it that I care about.

In other words, you don't want anyone to be able to intercept and modify the
datastream, and so the data are sensitive.


-- 
Åsmund Skjæveland ([EMAIL PROTECTED])

PGP signature