[Bug 877] ssh 3.8.1p1 client cannot disable encryption with "-c none"

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Mon Jun 7 05:43:22 EST 2004


------- Additional Comments From mouring at eviladmin.org  2004-06-07 05:43 -------
The whole point behind SSH protocol is not to leak sensitive information  and to stop MITM attacks.  
Where the second may not be an issue with ssh2 protocol due to the HMAC usage, but I still have to ask 
why would one want to throw away the security around private information?

Even if you encrypt authentification aspect of SSHv2 and left the sesson in clear text you still could leak 
information when you connect to other machines or using 'su' or 'sudo' to upgrade your security.

I think it is better if you believe that your machines can't handle encryption is to test the preformance 
to find a lowest cpu power encryption or buy a few encryptor cards to put into heavily used machines.

- Ben

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the openssh-bugs mailing list