Gary Thorpe wrote:
> Thats kind of what I was asking...since things like anonymous ftp and
> anonymous cvs may not necessarily require data encryption but NEED
> protection against host spoofing/session hijacking (almost all TCP
> services?), would something like IPSEC be appropriate? Would it require
> less resources to implement, or is it the same effect as SSH just moved
> lower down the protocol stack? Is there a way to ensure the computer
> you are talking to is actually the one you want to talk to without
> encrypting the data stream itself?

This is something I've always wondered myself about. Why wouldn't
OpenSSH developers add a feature to disable encryption for people who
only need authentication, and don't need encryption to waste
bandwidth/CPU cycles. Should be simple enough. IPSEC is just too much
work to set up compared to SSH.