Re: Bug#192416: ITP: rsh-redone -- Reimplementation of remote shell tools.
On Thu, May 08, 2003 at 02:54:08PM -0400, Matt Zimmerman <mdz@debian.org> was heard to say:
> On Fri, May 09, 2003 at 03:25:12AM +1000, Russell Coker wrote:
>
> > If I had more spare time I'd make a modification to ssh such that if scp was
> > run as rcp it would use all the usual scp mechanisms for passwords etc, and
> > then just send MD5 signed data through in clear-text after the connection is
> > established. Then when the data was transferred it would use the ssh
> > encryption mechanisms to confirm that the data was received with the correct
> > MD5.
>
> I'm pretty sure this would require a protocol change, which very much limits
> its usefulness. I agree that it would be nice to be able to opt out of
> encryption for the post-authentication data stream.
Off the top of my head, I think you could probably do it by opening
a second connection and using a single-shot authentication token,
negotiatied over the SSH connection. (this wouldn't help if you were
trying to copy files through a firewall that only accepted ssh, of course)
(I'm imagining this being done by a separate program that uses ssh as
a data transport, not by ssh itself)
Daniel
--
/-------------------- Daniel Burrows <dburrows@debian.org> -------------------\
| Any sufficiently advanced magic is indistinguishable from technology. |
\---------------------- A duck! -- http://www.python.org ---------------------/
Reply to: