[ale] unencrypted SSH

Bob Toxen transam at cavu.com
Fri Aug 20 16:36:14 EDT 2004


On Mon, Aug 16, 2004 at 07:46:08PM -0400, David Corbin wrote:
> Access to my corporate network is via VPN, that I can easily get to work with
> Windows (since that's they way IT supports).  I've setup an old laptop to run
> Windows at home, and I have it run (cygwin) ssh port forwarding so that I can
> access my office system(s) from the rest of my home LAN (which is
> substantially Linux, of course).  Now that I've finally made some progress in
> replacing my office desktop with Linux, I'm sshing to a my local windows
> system to execute apps on the office system.

> What this means, I think, is that my poor little "VPN relay" is having to burn
> a lot of CPU encrypting and un-encrypting stuff without cause.  One cycle of
> that is for a local LAN connection where I have complete physical security
> (my home), and the other is encrypting the port forwarding that's going over
> a VPN and thus already encrypted once.

> So, is there a way to invoke SSH that will NOT do encryption of the basic
> data stream?
Yes.  Telnet.  Of course it won't encrypt the password either but you don't
need this if you have an end-to-end VPN.

> David

Bob Toxen
bob at verysecurelinux.com               [Please use for email to me]
http://www.verysecurelinux.com        [Network&Linux/Unix security consulting]
http://www.realworldlinuxsecurity.com [My book:"Real World Linux Security 2/e"]
Quality Linux & UNIX security and SysAdmin & software consulting since 1990.

"Microsoft: Unsafe at any clock speed!"
   -- Bob Toxen 10/03/2002



More information about the Ale mailing list