Re: [LUG] Security and SSH

 

On Fri, 21 Jan 2011, Paul Hirst wrote:

> On Fri, 2011-01-21 at 07:57 +0000, Gordon Henderson wrote:
>
> > I really wish I could turn encryption off on ssh
> > (scp/rsync) data sometimes, but still leave the encrypted part of the
> > password/key exchange in-place.
>
> IIRC this used to be possible with the SSH1 protocol but it was disabled
> in SSH2 because it was a security risk. I'm not sure if there was a real
> vulnerability or if it was just perceived as a bad idea to allow this.
>
> You can choose to use a less intensive cipher. I believe blowfish is
> often a good choice over the default.

Indeed, and that's what I use when doing big copies over a LAN with rsync and weedy boxes.

  rsync -e 'ssh -c blowfish' ...

Maybe one day I'll work out how to use the built-in AES module in the AMD Geodes and VIAs I use...

Gordon

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq