[cryptography] preventing protocol failings

Kevin W. Wall kevin.w.wall at gmail.com
Thu Jul 14 00:47:38 EDT 2011


On Wed, Jul 13, 2011 at 11:39 AM, Andy Steingruebl <andy at steingruebl.com> wrote:
> On Wed, Jul 13, 2011 at 7:11 AM, Peter Gutmann
> <pgut001 at cs.auckland.ac.nz> wrote:
>> Andy Steingruebl <andy at steingruebl.com> writes:
>>
>>>The way it for for everyone I knew that went through it was:
>>>
>>>1. Sniffing was sort of a problem, but most people didn't care
>>>2. Telnet was quite a bit of a pain, especially when using NAT, and wanting
>>>to do X11 forwarding
>>>3. Typing in your password again and again over telnet (which did have
>>>advantages over rlogin/rsh) was a pain.
>>>
>>>Enter SSH.  It solved #1, but the big boon to sysadmins to figure it out and
>>>installed it was that it *really* solved #2 and #3, hence major adoption.
>>
>> Uhh, this seems like a somewhat unusual reinterpretation of history.  SSH was
>> primarily an encrypted telnet, and everything else was an optional add-on
>> (when it was first published it was almost rejected with the comment "this is
>> just another encrypted telnet").  The big boon to sysadmins was that (a) you
>> could now safely type in your root password without having to walk to the room
>> the box was in to sit at the console and (b) you could build and run it on
>> pretty much everything without any hassle or cost.  That combination was what
>> made it universal.
>
> Hmm, do you know that many sysadmins outside high-security conscious
> areas that really cared about typing the root password over telnet,
> especially back in 1997?  I don't.  Academia and banks cared, and
> often deployed things like securid or OPIE/SKEY to get away from this
> problem, but your average IT shop didn't care at all.
>
> Or are you really suggesting we got massive SSH adoption because of
> the security properties?   Certainly not in my experience...
>
> Maybe this calls for a survey/retrospective on reasons for adoption of SSH? :)

I can't speak of the experience of other companies, but I had a bunch of
sysadmins reporting to me at the time, and my recollection is that the main
reason why that SSH caught on over other secure versions of telnet or rsh
is because it could be used in script without having to place the
user's password
in plaintext anywhere. That was a major improvement because SSH allowed one
to authenticate to a remote system and execute a command without hard-coding
passwords or require manual input of said password. As such, it was ideal for
running automated scripts from crontab, at bootup, etc.

The fact that it did all this over a secure channel was really not
that important
to the sysadmins who worked with me. In fact, I can't recall a single one of
them who were concerned about that. Then again, network sniffing was pretty
rare back then, but they were definitely concerned about leaving passwords in
scripts where some unauthorized person could see them. (And yes, this meant
that they didn't protect the SSH private key with a passphrase...a practice that
is still common today when SSH is used for scripting.)

-kevin
-- 
Blog: http://off-the-wall-security.blogspot.com/
"The most likely way for the world to be destroyed, most experts agree,
is by accident. That's where we come in; we're computer professionals.
We *cause* accidents."        -- Nathaniel Borenstein



More information about the cryptography mailing list