[Bug 877] ssh 3.8.1p1 client cannot disable encryption with "-c none"

bugzilla-daemon at mindrot.org
Mon Jun 7 06:12:41 EST 2004


http://bugzilla.mindrot.org/show_bug.cgi?id=877





------- Additional Comments From mohit_aron at hotmail.com  2004-06-07 06:12 -------

Here is a posting made by Richard Silverman on comp.security.ssh that makes
several good points in support of this bug:


    BU> ??? What is the point of using ssh or scp without a cypher? Just        
    BU> use ftp, or rcp or whatever. It is NOT secure.                          
                                                                                
This point of view is much too simplistic; a connection is not just             
"secure" or "not secure" as if flipping a light switch.  An SSH-2               
connection using a null encryption cipher still has:                            
                                                                                
- server authentication and man-in-the-middle attack protection                 
  (i.e. you know who you're talking to)                                         
                                                                                
- cryptographically assured integrity protection (i.e. you know the data        
  is passed unchanged from one end to the other)                                
                                                                                
- strong client authentication (assuming obvious mistakes aren't made,          
  such as using password authentication over an unencrypted connection --       
  most implementations disallow this)                                           
                                                                                
So, if you don't care about privacy, but do care about these other              
properties, then using SSH with a null encryption cipher makes perfect          
sense.  Similar motivations are behind the existence of AH mode in IPSec        
as well as ESP.  In particular, it makes *no* sense to compare unencrypted      
SSH with "FTP, or rcp, or whatever;" these are entirely different.              
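
The integrity point in the list above can be seen with the SSH-2 binary packet format from RFC 4253, section 6, where the MAC is computed over the sequence number and the cleartext packet. This is an added example, not part of the original posting and not OpenSSH code; the function names, the key and the payload are constructed for illustration, and a real MAC key comes out of the key exchange.

```python
import hashlib
import hmac
import os
import struct

BLOCK = 8      # with cipher "none" the packet is padded to a multiple of 8
MAC_LEN = 20   # hmac-sha1 digest size


def _mac(key: bytes, seq: int, packet: bytes) -> bytes:
    # mac = MAC(key, sequence_number || unencrypted_packet)
    return hmac.new(key, struct.pack(">I", seq) + packet, hashlib.sha1).digest()


def seal(key: bytes, seq: int, payload: bytes) -> bytes:
    """Build one binary packet with no encryption and an hmac-sha1 MAC."""
    pad = BLOCK - (5 + len(payload)) % BLOCK
    if pad < 4:                      # at least four padding bytes are required
        pad += BLOCK
    header = struct.pack(">IB", 1 + len(payload) + pad, pad)
    packet = header + payload + os.urandom(pad)
    return packet + _mac(key, seq, packet)


def open_packet(key: bytes, seq: int, wire: bytes) -> bytes:
    """Check the MAC against the expected sequence number, return the payload."""
    packet, mac = wire[:-MAC_LEN], wire[-MAC_LEN:]
    if not hmac.compare_digest(mac, _mac(key, seq, packet)):
        raise ValueError("MAC mismatch: packet altered or out of sequence")
    length, pad = struct.unpack(">IB", packet[:5])
    if length != len(packet) - 4 or not 4 <= pad < length:
        raise ValueError("malformed packet")
    return packet[5:len(packet) - pad]


def demo() -> dict:
    key = b"k" * 20                                  # constructed MAC key
    wire = seal(key, 3, b"uid=1000 motd: hello")     # constructed payload
    out = {"readable_on_wire": b"motd: hello" in wire,   # no privacy
           "accepted": open_packet(key, 3, wire)}
    cases = {"tampered": (3, wire.replace(b"uid=1000", b"uid=0000")),
             "wrong_sequence": (4, wire)}            # same bytes, later slot
    for name, (seq, data) in cases.items():
        try:
            open_packet(key, seq, data)
            out[name] = "accepted"
        except ValueError:
            out[name] = "rejected"
    return out


if __name__ == "__main__":
    print(demo())
```

The payload is visible to anyone watching the connection, but a modified packet or one presented at a different sequence number fails verification.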


