Sunday, March 11, 2007
SSH Null Cipher? Yes, please!

Comments
Personally, I would never trust a tunnel to a "secure network", because I don't believe in such beasts. Proper usage of end-to-end security systems like SSH, Kerberos and SSL ensures that data is encrypted and also authenticated all the way from the source to the destination.
Sure, some would agree that a VPN or IPSEC is good enough, but I think it's not really worth it to give people that option. A better solution is to integrate the end-to-end security protocol with the tunneling protocol. That is, you start by letting SSH or whatever do its job and secure the connection. Then, if it detects that there's a connection between host A and B and both hosts are doing both IPSEC and SSH, then the SSH context can be used to do an extra verification of the IPSEC keys and then SSH can stop encrypting. Of course, that doesn't work when the tunnel endpoint isn't at your SSH server, but as I said, I don't trust "secure networks" anyway. ;)