DSL logs

Mitchell Patenaude mrp at sonic.net
Thu Jan 27 10:58:05 PST 2000


On Thu, Jan 27, 2000 at 12:53:33AM -0800, Devin Carraway wrote:
> 	RSA authentication reduces this problem considerably, yes.  If
> you're running ssh-agent (which you will probably find convenient, if you're
> using fetchmail), you should generally instruct ssh not to forward the agent
> to hosts you don't trust (never trust a shell server).  That's done by
> adding an entry to your ~/.ssh/config file of the general form:

[ good ssh primer snipped ]

I think you are missing the point.  What he's proposing to do is
tunnel POP traffic, but that traffic is only encrypted from his
computer until it gets to bolt; from there to the POP server it's
just open text, and that POP traffic contains his password.  It's
compromised whether he uses RSA authentication or not.  While I
think SSH tunneling is a great thing, I think it probably increases
the vulnerability here, rather than the other way around.

   -- Mitch


