From: Graywane (graywane home.com)
Date: Tue May 01 2001 - 16:04:50 CDT
On Tue, May 01, 2001 at 04:23:54PM -0400, Mipam wrote:
> On Tue, May 01, 2001 at 11:16:16PM +0300, Alex Popa wrote:
> > The reason why this bothers me is that I sometimes use ssh to tunnel ssh
> > connections (blowfish encryption in a 3DES tunnel, anyone?)
>
> Some people think that using encryption to encrypt already encrypted data
> is double secure. This is in general certainly not true.
> Instead, sometimes it becomes only easier to crack it.
> So I wouldn't advise using ssh in an ssh tunnel to avoid possible
> problems like that.

You are missing the point. Let's say you are connecting from machine A to
machine B using ssh. You set up a port forward so that connections to machine
B at port 9999 are forwarded to machine A at port 22. Now you connect from
machine C to port 9999 of machine B using ssh. As long as you trust ssh on
machine C and sshd on machine A then encrypting the second tunnel avoids
problems with the marginally trusted machine B (assuming you check your host
key fingerprints). It also allows you to bind sshd on machine A to 127.0.0.1
rather than 0.0.0.0.
--
Note: See http://www.members.home.net/graywane/ for PGP information.
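
The A/B/C setup described in the message above, as an added example that is not part of the original post. The host names `machine-a` and `machine-b`, both account names, and the helper `sshd_loopback_only` are placeholders chosen for illustration; the sketch assumes a current OpenSSH on all three machines.

```shell
#!/bin/sh
# Added illustration. machine-b, the HostKeyAlias name and both account names
# are placeholders; sshd_loopback_only is a hypothetical helper, not an OpenSSH tool.

# Run on machine A: B listens on 9999 and relays each connection to A's own
# loopback sshd. For C to reach B:9999, sshd on B must allow non-loopback
# remote forwards (GatewayPorts); by default OpenSSH binds them to loopback on B.
open_reverse_forward() {
    ssh -N -R 9999:127.0.0.1:22 "user_on_b@machine-b"
}

# Run on machine C: the TCP peer is B, but the SSH server answering is A.
# HostKeyAlias stores and checks the key under A's name; StrictHostKeyChecking=yes
# refuses any key not already in known_hosts, so record A's key there first
# after comparing its fingerprint out of band.
connect_through_b() {
    ssh -p 9999 -o HostKeyAlias=machine-a -o StrictHostKeyChecking=yes \
        "user_on_a@machine-b"
}

# Run on machine A against its sshd_config: succeeds only if at least one
# ListenAddress is set and every one is loopback. No ListenAddress at all means
# sshd listens on every address, so that case fails. Include files are not followed.
sshd_loopback_only() {
    awk '
        { sub(/#.*/, ""); sub(/[ \t]*=[ \t]*/, " ") }
        tolower($1) == "listenaddress" {
            seen = 1
            # Unbracketed "::1:22" is a different IPv6 address, not loopback plus port.
            if ($2 !~ /^((127\.[0-9]+\.[0-9]+\.[0-9]+|localhost|\[::1\])(:[0-9]+)?|::1)$/)
                bad = 1
        }
        END { exit (seen && !bad) ? 0 : 1 }
    ' "$1"
}
```

Because the session from C is authenticated against A's host key, machine B only ever relays ciphertext; a host key mismatch on port 9999 is the signal that B (or something in front of it) is answering instead of A.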