Re: encrypting files with SSH???

in comp.unix.admin i read:
>those who know me have no need of my name <not-a-real-address@usa.net> wrote:
>> in comp.unix.admin i read:

>>> No, I didn't stutter, nor am I unaware of PGP, GPG, etc....
>
>>> Has anyone seen or used SSH or a SSH based tool to encrypt a file? I've
>>> been specifically asked to see if this is possible.
>
>> no. the whole notion is idiotic. shoot the programmer that suggested it.
>
> Well, it's not idiotic. If you were going to transfer one file to many
> different hosts over ssh/scp then it makes sense to encrypt once and
> just send the pre-encrypted/pre-signed packets. This is similar to an
> optimization for web servers that cache a sequence of TCP packets with
> the checksums pre-computed.

i agree that encrypting once would have better performance than doing so
multiple times. that doesn't alter my opinion that the particular method
remains idiotic. pre-encryption isn't the purpose of ssh, they leave that
to other tools. distributing an encrypted file via some other distribution
mechanism is entirely sensible.

> I suppose we could have ssh open a connection, run a netcat command
> (pick a random port for the listen and restrict it to accepting connections
> from just one source IP --- just to minimize the DoS exposure), then
> have the local end nc the file to that destination.

i'm not sure what you think this accomplishes, as gpg was specifically
excluded in the original request.

--
a signature