Subject: Re: ssh - are you nuts?!?
To: None <>
From: Andrew Brown <>
List: tech-security
Date: 12/20/2000 11:18:30
>>> > > Are there any more features that might make SSH valuable?
>>> > 
>>> > TCP tunnelling.
>>> Could be good point, however, in many cases you'll end up with tcp over tcp
>>> which isnt a good idea. To point out one issue with that look here:
>> No, because in case of ssh it's not the tcp packets which are carried by the
>> tunnel but users data.
>My understanding is "tunnel", as a concept in SSH, is a feature
>of port forwarding. This seems like a good feature, but something
>that is rarely usable. Am I mistaken?

if you were transporting a ppp connection though an ssh connection,
that would probably suffer from the problems described in the below
url.  ssh'd port forwarding just takes the data from a tcp connection
and pushes though a different tcp connection (one that is encrypted,

>>> To come back on ssh, two other advantadges (forgive my worse English) are
>>> 1) RSA-based host authentication. 
>>> 2) Instead of giving in a username you can also use RSA based authentication
>>> with a passphrase. It's shortly explained in ssh(1) (man 1 ssh).
>>> In these days of the internet it's more like: RIP telnet :)
>>> But ..... using ipsec and telnet isnt that bad.
>> Yes, if the remote end supports ipsec.
>Yes, but isn't that the same requirement from SSH?
>That both ends support SSH (1 or 2 or both).

yes, both ends have to support it, but getting both ends to support a
cooperative ssh version is much easier than getting both ends to use

|-----< "CODE WARRIOR" >-----|             * "ah!  i see you have the internet (Andrew Brown)                that goes *ping*!"       * "information is power -- share the wealth."