in comp.unix.admin i read:
>those who know me have no need of my name wrote:
>> in comp.unix.admin i read:
>
>>> No, I didn't stutter, nor am I unaware of PGP, GPG, etc....
>
>>> Has anyone seen or used SSH or a SSH based tool to encrypt a file? I've
>>> been specifically asked to see if this is possible.
>
>> no. the whole notion is idiotic. shoot the programmer that suggested it.
>
> Well, it's not idiotic. If you were going to transfer one file to many
> different hosts over ssh/scp then it makes sense to encrypt once and
> just send the pre-encrypted/pre-signed packets. This is similar to an
> optimization for web servers that cache a sequence of TCP packets with
> the checksums pre-computed.


i agree that encrypting once would have better performance than doing so
multiple times. that doesn't alter my opinion that the particular method
remains idiotic. pre-encryption isn't the purpose of ssh, they leave that
to other tools. distributing an encrypted file via some other distribution
mechanism is entirely sensible.

> I suppose we could have ssh open a connection, run a netcat command
> (pick a random port for the listen and restrict it to accepting connections
> from just one source IP --- just to minimize the DoS exposure), then
> have the local end nc the file to that destination.


i'm not sure what you think this accomplishes, as gpg was specifically
excluded in the original request.

--
a signature