[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Future of kerberised telnet, login, rsh, ftp?

>Good point, I run into this pretty often. (My brother complains about it 
>all the time, working with many terabytes of science/image data.) But 
>the fix is easy, just add a "null" cipher spec and select it with "ssh 
>-c". Probably smarter in some cases is to add a checksum-only cipher so 
>that you can still protect against hijacking.

Here's the problem I see with that: people are stupid.

More specifically, we don't _want_ to trust the user to do the right
thing, because we've learned the hard way that they won't (Oh, I could
tell you stories ...).  So we enforce policy on the application server
side that says, "Hey, you have to use encryption for interactive
sessions".  It wasn't clear to me that it was easy to permit
unencrypted scp, but require encrypted interactive logins.  I'm sure
it's possible somehow but it looked like a lot of hacking, because
encryption took place at a low layer.