[EMAIL PROTECTED] writes:

> I was hoping you guys would elaborate a bit on the distinction in benefits
> between:
> 
>       1) using ssh across the internet

This is a no-brainer.  You should assume that Descartes' evil genie is
out there trying to look at and mess with your packets.  Wouldn't you
want the math of public-key encryption on your side when dealing with
this situation?

>       2) using ssh inside a firewalled work or home LAN

I work for a networking company (behind a firewall).  All of the
engineers here know how to use network sniffers -- they're just a tool
that we use for our work.  It's not hard for a person with a moderate
degree of technical ability to hook one into a network.  If you're
using hubs rather than switches, or if you happen to hook the sniffer
into the right segment of the network, or if you're handy with an RMON
probe, you can glean a lot of information...

Also, it would be unwise to assume that everybody who is behind your
firewall isn't malicious.  Heck, at a company I worked at in the past,
we had a BOFH who, among other rude things, probably sniffed packets
and caused much pain and suffering with the results.  I deliberately
used ssh to thwart him.

> I'd also be interested in your suggestions/experiences for ssh activity
> automation i.e. via cron *w/o* passphrase. (which I believe was the
> intention of the original post as well).

Iff you can keep both hosts secure, the underlying network can be
unsecure and you'll have no problems.  Without public-key
cryptography, you don't get that.

--kevin
-- 
Kevin D. Clark ([EMAIL PROTECTED]) |
Cetacean Networks, Inc.                            |   Give me a decent UNIX
Portsmouth, N.H. (USA)                             |  and I can move the world
[EMAIL PROTECTED] (PGP Key Available)       |





