[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Future of kerberised telnet, login, rsh, ftp?
Ken Hornstein wrote:
>> It is another thing I prefer about ssh, security happens at the lowest
>> possible layer, so there is no chance an attacker can inject unwanted
>> data into the data stream.
>
> Ah, that's one thing I remember now; it wasn't possible to turn encryption
> _off_ in ssh. We force people to use encryption for interactive sessions,
> but don't require it for bulk data transfer. It's easy to segment this
> out with different utilities (rcp versus rsh required writing some extra
> code, but it wasn't hard). Encryption sucks when you're rcp'ing around
> a few terabytes (and yes, we have people that do that all of the time).
Good point, I run into this pretty often. (My brother complains about it
all the time, working with many terabytes of science/image data.) But
the fix is easy, just add a "null" cipher spec and select it with "ssh
-c". Probably smarter in some cases is to add a checksum-only cipher so
that you can still protect against hijacking.
--
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support
- Prev by Date:
Re: Future of kerberised telnet, login, rsh, ftp?
- Next by Date:
Re: Future of kerberised telnet, login, rsh, ftp?
- Prev by thread:
Re: Future of kerberised telnet, login, rsh, ftp?
- Next by thread:
Re: Future of kerberised telnet, login, rsh, ftp?
- Index(es):