Firewall Wizards mailing list archives

RE: What's the deal with SSH? (was: PIX software release 5.2)


From: "Robert Purdy" <liteyear () ihug co nz>
Date: Tue, 26 Sep 2000 21:57:36 +1200



SSH serves to help prevent someone from snooping on the packet stream
passing between two computers.  This includes the authentication process,
which is why it is so widely favored over telnet (because telnet does its
authentication via plaintext).  It should be noted, however, that all SSH
does is secure the datastream between the two endpoints.  There are a ton of
ways the security of the actual session could still be broken.  Still, it's
far better than telnet.

Does this mean that if a box is compromised the traffic can still be
monitored?

Say users are accessing a *nix box via sshd/ssh (opensource version).  If
the box is compromised but the attacker does not have root access, is it
possible for the attacker to snoop the traffic between a user running as
root via ssh?

I was of the understanding that the total session was encrypted.  Still that
was assumed - ass (of) u (and) me


Regards,
Rob Purdy


_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards

