Re: encrypting files with SSH???
in comp.unix.admin i read:[color=blue]
>those who know me have no need of my name <firstname.lastname@example.org> wrote:[color=green]
>> in comp.unix.admin i read:[/color][/color]
>>> No, I didn't stutter, nor am I unaware of PGP, GPG, etc....[/color][/color]
>>> Has anyone seen or used SSH or a SSH based tool to encrypt a file? I've
>>> been specifically asked to see if this is possible.[/color][/color]
>> no. the whole notion is idiotic. shoot the programmer that suggested it.[/color]
> Well, it's not idiotic. If you were going to transfer one file to many
> different hosts over ssh/scp then it makes sense to encrypt once and
> just send the pre-encrypted/pre-signed packets. This is similar to an
> optimization for web servers that cache a sequence of TCP packets with
> the checksums pre-computed.[/color]
i agree that encrypting once would have better performance than doing so
multiple times. that doesn't alter my opinion that the particular method
remains idiotic. pre-encryption isn't the purpose of ssh, they leave that
to other tools. distributing an encrypted file via some other distribution
mechanism is entirely sensible.
> I suppose we could have ssh open a connection, run a netcat command
> (pick a random port for the listen and restrict it to accepting connections
> from just one source IP --- just to minimize the DoS exposure), then
> have the local end nc the file to that destination.[/color]
i'm not sure what you think this accomplishes, as gpg was specifically
excluded in the original request.