RE: SSH with no crypt

From: Price, Christopher (Christopher.Price_at_encana.com)
Date: 06/15/05

  • Next message: Nathan Jackson: "Re: SSH with no crypt"
    Date: Wed, 15 Jun 2005 14:30:24 -0600
    To: "Andrew Haninger" <ahaning@gmail.com>, "Alvaro Colunga" <alvariux@gmail.com>
    
    

            Its possible that the client wants to use the non-repudiation
    features for users and hosts from ssh but not encrypt the actual
    session. Many large organizations prohibit encrypted traffic on their
    internal network because they want to be able to sniff network traffic
    on their internal network as part of their security auditing
    methodology. Host based key authentication/verification is a good way to
    ensure nobody inserts malicious hosts on the network that masquerade as
    a trusted host.

            Chris

    -----Original Message-----
    From: Andrew Haninger [mailto:ahaning@gmail.com]
    Sent: Wednesday, June 15, 2005 9:34 AM
    To: Alvaro Colunga
    Cc: AUGERT Jean Philippe (EURIWARE); secureshell@securityfocus.com
    Subject: Re: SSH with no crypt

    On 6/14/05, Alvaro Colunga <alvariux@gmail.com> wrote:
    > i think ssh without encryption would be telnet, you can use telnet if
    > you need a terminal without that feature
    I think the original poster was requesting information on the
    possibility of initializing a SSH2 connection without encryption as
    was possible with an older version of SSH1.

    It sounds like it will be difficult to find such a feature in a recent
    version as it would seem so pointless.

    Maybe a better description of the situation would make it easier for
    people to give help.

    -Andy


  • Next message: Nathan Jackson: "Re: SSH with no crypt"

    Relevant Pages

    • RE: SSH with no crypt
      ... my organization want to sniff every network ... That's why i'would like to continue using SSH ... ensure nobody inserts malicious hosts on the network that masquerade as ... possibility of initializing a SSH2 connection without encryption as ...
      (SSH)
    • NFS over SSH
      ... I want to tunnel NFS with SSH for hosts not on my internal network. ... Molecular Cell Biology / AG Holstein, Darmstadt University of Technology, Schnittspahnstr. ...
      (FreeBSD-Security)
    • OpenSSH accepts any RSA key from host 127.0.0.1, even on non-default ports
      ... The reason why this bothers me is that I sometimes use ssh to tunnel ssh ... connections (blowfish encryption in a 3DES tunnel, anyone?) to hosts I ... debug: Reading configuration data /etc/ssh/ssh_config ...
      (FreeBSD-Security)
    • Re: [SLE] selective NAT possible?
      ... for only some hosts of the internal network. ... dhcp isn't involved in this case - all hosts have static ip-s. ...
      (SuSE)
    • Policy based routing/restricting access __inside__ ones net..
      ... I am writing to ask for advice about providing profile dependent access ... to subsets of ones internal network. ... I prevent them accessing other hosts while allowing __some__ access to ... Can a Kerberos realm enforce access profiles such as these (and then if ...
      (FreeBSD-Security)