D&C GLug - Home Page

[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] Security and SSH

 

On Fri, 2011-01-21 at 07:57 +0000, Gordon Henderson wrote:

> I really wish I could turn encryption off on ssh
> (scp/rsync) data sometimes, but still leave the encrypted part of the
> password/key exchange in-place.

IIRC this used to be possible with the SSH1 protocol but it was disabled
in SSH2 because it was a security risk. I'm not sure if there was a real
vulnerability or if it was just perceived as a bad idea to allow this.

You can choose to use a less intensive cipher. I believe blowfish is
often a good choice over the default.

This webpage seems like a good starting point for choosing one

http://blog.famzah.net/2010/06/11/openssh-ciphers-performance-benchmark/


Sophos Limited, The Pentagon, Abingdon Science Park, Abingdon, OX14 3YP, United 
Kingdom.
Company Reg No 2096520. VAT Reg No GB 991 2418 08.

-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq