Posted on Tue, 23/10/2007 - 23:51 by R
I wonder if anything is being done about opportunistic encryption being activated as a special tunnel mode between 2 hosts using sshd on both sides. It wouldn't give any special account access or command execution, just a tunnel working outside-to-outside of the machines involved.
With the number of people running sshd these days, this could be fun! And you can even tunnel at Layer 2, which could be useful for some protocols, and it could be ignored for some ports so as to have good latency for applications that don't need this. Of course this might be too costly for large-scale servers, but in another way, it could create fun p2p networks like anonet has been doing for a while, with routing, etc.
Getting Opportunistic Encryption was the best idea the *S/Wan project had, and I truly believe it was a great way to slowly but surely encrypt everything without breaking old protocols. Just as OTR brought encryption to the IM masses, SSH might do it for the rest of the protocols before we can get this lower in the stack...
So let's start with a whitelist of ports first, let's say, telnet and ftp (yeah I know, sounds stupid to tunnel telnet over ssh, but you get the point ;-)
What do you think?
Posted on Thu, 24/05/2007 - 07:22 by R
For those who still use the default 1024-bit settings of GPG and others, think again ... :)
Posted on Mon, 05/02/2007 - 22:42 by R
I found this little guide that lets you run a fully encrypted Debian (read: "/" partition) on a USB stick. Have fun :)