Subject: Re: sshd config?
To: der Mouse <mouse@Rodents.Montreal.QC.CA>
From: Mahmoud Chilali <mahmoud@chilali.net>
List: tech-userlevel
Date: 12/01/2003 00:21:09
der Mouse wrote:

> Me too.  I'm perfectly content with requiring explicit reconfiguration
> to make it available (such as Ciphers and MACs in sshd_config).  But I
> think it is unreasonable to protect admins against themselves to the
> extent of removing it entirely.

Besides, trying to protect people against themselves has always resulted 
in things getting worse, because people always find unusual ways to get 
around limitations.


> NetBSD tries to keep people from shooting themselves in the foot by
> mistake.  But I think it is wrong to keep the guns locked away entirely
> because people might shoot themselves in the foot.

If only there were docs about how it works and why we should trust it...

> I don't think this is true.  If it is, the protocol is grossly
> misdesigned, because everything the sniffer gains, the peer server has
> access to even with real encryption, and I think we will all agree that
> the client should _never_ reveal to _anyone_ enough information to
> compromise a private key.

Fully agreed. If using a null crypto ssh breaks my future encrypted 
sessions, then ssh would be broken. I doubt it is so, but I have no proof:)

Back to the subject, from a user perspective:
- There is no point in controlling me:)
- If I have to use ssh when I feel ok for encryption and rlogin when I 
feel trust, then I go for rlogin only (+ssl or ipsec if really needed).


Now all this stuff is about some man in the middle. How can a man be in 
the middle when all men are extremist?

cheers,
mouss