Re: IPsec vs ssh

[Mouse <mouse%Rodents-Montreal.ORG@localhost>]

> Nevermind the lose usage of the word "protocol".  ssh is an
> application, not a protocol, if we want to use strict networking
> terminology.

It's also a protocol, or rather two related protocols (or two different
versions of a single protocol, if you prefer to think of it that way).
See RFCs 4250 through 4254 (and a few others, eg 4335) for the more
recent of the two; as far as I know the older is documented only in
source code.

>> think doing anything of the sort for exactly ssh connections will be
>> very difficult, but port 22 should be relatively easy
> So, where's your solution?

Oh, I don't have one.  My experience with IPsec consists of turning on
the "use IPsec" bit in a VPN appliance back a decade or so ago.  My
"should be" was in the sense of "if it isn't then the design or
implementation is pretty catastrophically broken" than in the sense of
"here's how to do it".  I wouldn't have written at all except for what
looked like quibbling about the difference between "ssh" and "port 22".

/~\ The ASCII                             Mouse
\ / Ribbon Campaign
 X  Against HTML                mouse%rodents-montreal.org@localhost
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B