My mistake, I forgot to mention the following:
In SSH1, the session key is hidden by the public keys. The user
authentication is part of the packet protocol which is normally encrypted.
It is possible to run SSH without encryption, but it is no more secure than
using rsh. ARC4 is also a valid encryption fairly fast, stream-based
algorithm, but I do not know how it compares to Blowfish.
--
-Todd Short
// [EMAIL PROTECTED]
// "One if by land, two if by sea, three if by the Internet."
> -----Original Message-----
> From: Chr. v. Stuckrad [mailto:[EMAIL PROTECTED]]
> Sent: Monday, February 05, 2001 2:58 PM
> To: Short, Todd
> Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: Re: Can SSH be used just for encrypted
> authentication and then
> le t the rest of the session be unencrypted ?
>
> May be I'm wrong, but doesn't ssh 'with NONE' switch of
> encryption ENTIRELY?
> So it SHOWS the negotiation of the password to the outside(?)...
>
> May be it is safe enough if you authenticate only by the hostkeys,
> so only public Keys go over the net and are compared to some local
> data.
>
> I prefer to ssh to someplace, then use 'netcat' to transfer
> with maximum
> speed from or to that place. So the password and commands are safe
> and the data ist fast. Highjacking would be possible, so we'll risk
> a DOS-able Disk-backup or somebody can steal data. The latter
> is possible
> anyway as we use NFS, so this method is 'as (un)safe as normal work'
> but the 'simple sniffer' doesn't get at root-passwords f'as
> fast. Only
> someone 'really clever' will be able to first catch a random Socket,
> then fill in something which fits into the dump/tar/whatever-tapes
> and then wait until I reload exactly, whatever was sent to me :-)
>
> Just an idea, half tested, half on my todolist.
>
> Stucki
>
> --
> Christoph von Stuckrad * * | nickname |
> <[EMAIL PROTECTED]> \
> Freie Universitaet Berlin |/_* | 'stucki' | Tel(days):+49
> 30 838-75 459 |
> Fachbereich Mathematik, EDV |\ * | if online | Tel(else):+49
> 30 77 39 6600 |
> Arnimallee 2-6/14195 Berlin * * | on IRCnet | Fax(alle):+49
> 30 838-75454 /
>
