On Sat Mar 15, 2003 at 08:13:15PM -0800, Jim C wrote: > I've a question about ssh also. Isn't it true that after one logs in > with ssh, that further communications beyond login are not encrypted? > Doesn't this imply that if one logs in as a user and then wants to su to > the super user once you are there, that this is *not* secure? > > If this is true, how might one fix it?
I'd really like to know where you heard that from. Beat them with a wet noodle or a 100lb sledge... your choice. At any rate, it's very wrong. It would be next to useless to have ssh only protect the login password. -- MandrakeSoft Security; http://www.mandrakesecure.net/ Online Security Resource Book; http://linsec.ca/ "lynx -source http://linsec.ca/vdanen.asc | gpg --import" {FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}
pgp00000.pgp
Description: PGP signature
