[Bug 877] ssh 3.8.1p1 client cannot disable encryption with "-c none"

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Mon Jun 7 17:34:23 EST 2004


http://bugzilla.mindrot.org/show_bug.cgi?id=877





------- Additional Comments From mohit_aron at hotmail.com  2004-06-07 17:34 -------

> The "none" cipher is listed in the draft protocol spec as "OPTIONAL/NOT
> RECOMMENDED".

The draft obviously doesn't consider situations where encryption is unnecessary
(e.g. a VPN connection). The decision on whether to use or not use the none
cipher should be left to the user (or the sysadmin who sets the policy on 
sshd) - currently its been forced on both.

> It's also worth noting that the "none" cipher has been the source of at least
> one security problem (in SSH 1.2.x):
> http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1010

If the sshd daemon allows the none cipher even when the sysadmin configures it
not to, that's not the fault of the none cipher - that's a bug in the 
implementation.





------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.




More information about the openssh-bugs mailing list