 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
Mike Bilow writes: I would not want to say that anything is completely safe, but I would expect that ssh is among the least likely services to be compromised in this way. Once the channel is opened, all of the data is handled using a cryptographic exchange that would guarantee authentication. Even if the circuit could be intercepted, ssh would not allow a third party to conduct a man-in-the-middle attack. Also, ssh has some protection against an attack being conducted during the negotiation of the inital exchange, if the hosts have ever exchanged keys before. I've wondered about this. While using ssh for some time, I've read the man pages and online docs with the requisite skeptical eye, and haven't quite been convinced that it actually encrypts everything. Maybe it does; maybe not. And maybe it'd take digging into the code to convince myself of whatever it does. I do know that there are a lot of things in TFM page that, when I try them, behave very differently than what I expect. "~." for example. Maybe this would be a good topic for a meeting. ssh does seem like a worthwhile tool to get more familiar with, and considering what it's used for, the more understanding the better. One thing I've been wondering is whether ssh can help solve the usual problems with the tcl/tk dependence on xauth for security. This often leads to people recompiling libtk with security off, just so they can get it to work locally. The xauth docs are notoriously opaque, and if there were a way to substitute ssh, it would greatly expand the usefulness of wish scripts. Since ssh already knows how to remote X across its link this could make a lot of GUI tools more useful. Maybe there are some ssh docs that I haven't discovered yet ... - Subcription/unsubscription/info requests: send e-mail with "subscribe", "unsubscribe", or "info" on the first line of the message body to discuss-request at blu.org (Subject line is ignored).
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
