
Re: Idea to secure ssh [was: howto block ssh brute-force]



On Mon, Mar 13, 2006 at 03:03:24PM -0500, Neal Murphy wrote:
> The idea is to present information to the server that only the server can
> decrypt, and that, in theory, only the authorized user could have generated.

Much like an authentication system. What's the point of all this over just authenticating via ssh? Sounds like a ridiculously complicated and error-prone method to reduce log entries. And realistically you'd want to log attempts to brute force this mechanism, right?

> Yes, allowing UDP packets in is, in a sense, an open port, but it's a one-way port. UDP packets have a fixed maximum size and the information carried in the packet is trivial in nature; UDP packets are generally benign. It's a given that anyone who knows the server's public key can generate an encrypted packet, but only an authorized user can correctly generate the encrypted parts inside the encrypted packet.

No, anyone can generate encrypted parts. IMHO, there's not much chance that the decryption routines in your magic udp parser are going to be less vulnerable than those in openssh itself. Having "two layers of encryption" in this context is fairly pointless. Why not use three layers, or four? What analysis demonstrates a demonstrable return for that second layer, weighed against the cost of this kooky mechanism? If you really need multiple encryption layers, do it right and use an existing standard like ipsec rather than inventing a convoluted "secret method".

Mike Stone
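The point Mike makes above, that "anyone can generate encrypted parts", can be shown in a few lines. The Go program below is an example added to this page, not code from Neal or Mike; it assumes a packet layout of sig(64) || user || ':' || nonce(16) and hypothetical names (Server, SignedPayload, Handle), none of which appear in the thread. It builds the outer layer the way the proposal describes, RSA-OAEP to the server's public key. A forger holding only that public key produces a packet that decrypts perfectly; the only thing that rejects it is a per-user signature check against registered keys, which is the same authentication step sshd's publickey method already performs. To be usable at all the parser also has to count and log failures per source and guard against replay, so the "UDP knock" ends up reimplementing sshd's job.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Server is the receiving side of the hypothetical UDP packet: an RSA key anyone can
// encrypt to, per-user signing keys (the only thing that binds a packet to a user),
// a replay guard, and per-source failure counters so brute forcing gets logged.
type Server struct {
	key        *rsa.PrivateKey
	authorized map[string]ed25519.PublicKey
	seen       map[string]bool // user+nonce already accepted
	Failures   map[string]int  // source address -> rejected packets
}

func NewServer() (*Server, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Server{k, map[string]ed25519.PublicKey{}, map[string]bool{}, map[string]int{}}, nil
}

func (s *Server) PublicKey() *rsa.PublicKey { return &s.key.PublicKey }
func (s *Server) Authorize(user string, pub ed25519.PublicKey) { s.authorized[user] = pub }

// EncryptPacket is the step anyone who knows the server's public key can perform.
func EncryptPacket(pub *rsa.PublicKey, payload []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, payload, nil)
}

// SignedPayload builds the inner part sig(64) || user || ':' || nonce(16); only the
// holder of the user's private key can produce a valid one, and the nonce defeats replay.
func SignedPayload(user string, priv ed25519.PrivateKey) ([]byte, error) {
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	inner := append([]byte(user+":"), nonce...)
	return append(ed25519.Sign(priv, inner), inner...), nil
}

// Decrypt answers only "was this encrypted to my key?", which says nothing about the sender.
func (s *Server) Decrypt(pkt []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, s.key, pkt, nil)
}

// Handle is what the UDP parser runs per datagram; rejections are counted per source so
// the attempts can be logged and throttled, exactly as sshd does for failed logins.
func (s *Server) Handle(src string, pkt []byte) (string, error) {
	user, err := s.verify(pkt)
	if err != nil {
		s.Failures[src]++
		fmt.Printf("reject from %s: %v\n", src, err)
	}
	return user, err
}

func (s *Server) verify(pkt []byte) (string, error) {
	payload, err := s.Decrypt(pkt)
	if err != nil {
		return "", fmt.Errorf("not encrypted to the server key")
	}
	if len(payload) < ed25519.SignatureSize+2+16 {
		return "", fmt.Errorf("payload too short")
	}
	sig, inner := payload[:ed25519.SignatureSize], payload[ed25519.SignatureSize:]
	sep := bytes.IndexByte(inner, ':')
	if sep < 1 || len(inner)-sep-1 != 16 {
		return "", fmt.Errorf("malformed inner part")
	}
	user := string(inner[:sep])
	pub, ok := s.authorized[user]
	if !ok {
		return "", fmt.Errorf("unknown user %q", user)
	}
	if !ed25519.Verify(pub, inner, sig) { // a forger holding only the server key lands here
		return "", fmt.Errorf("bad signature for %q", user)
	}
	if s.seen[string(inner)] {
		return "", fmt.Errorf("replayed packet for %q", user)
	}
	s.seen[string(inner)] = true
	return user, nil
}

func main() {
	s, _ := NewServer()
	pub, priv, _ := ed25519.GenerateKey(nil)
	s.Authorize("neal", pub)
	_, mallory, _ := ed25519.GenerateKey(nil) // attacker's own key, never registered
	for _, c := range []struct{ name string; key ed25519.PrivateKey }{{"forged", mallory}, {"genuine", priv}} {
		p, _ := SignedPayload("neal", c.key)
		pkt, _ := EncryptPacket(s.PublicKey(), p)
		_, derr := s.Decrypt(pkt)
		u, herr := s.Handle("198.51.100.7", pkt)
		fmt.Println(c.name, "packet: decrypts =", derr == nil, "accepted =", herr == nil, "user =", u)
	}
}
```

Running it prints that the forged packet decrypts but is not accepted while the genuine one is accepted as "neal". Note what carried the security: not the outer encryption, which any host on the Internet can produce, but the signature lookup in the authorized-key registry and the bookkeeping around it (per-source failure counts, nonce tracking). Those are the parts that would need the same scrutiny openssh has already had.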


