The cipher 'none' in OpenSSH
Oliver M. Bolzer
oliver at gol.com
Sat Jan 15 01:58:47 EST 2000
Hello to everyone!

First I would like to thank everybody for making a free implementation
of ssh available.

I am administrating the network at the computer science department of
the University of Munich. Here, rcp (as in many other places, I guess)
is banned for security reasons. I, as well as others, use scp regularly
to copy files from one machine to another.

The problem is that the transfer rate is nowhere near what a 100Mbps
connection would give. To and from my P5-233 laptop gets only about
350KBps. Between P6-450 machines the performance is about double. In contrast,
if I used ftp, I'd get much much more. I checked and noticed that ssh
used up all the CPU power for encrypting the data.

I remember ssh-nonfree having a cipher 'none' which does not encrypt
the actual data. But it's not available in OpenSSH up to 1.2.1pre25.
I checked the source and all the infrastructure seemed to be there, so
I added support for "-c none". See the attached patch.

It has been tested between two up-to-date Debian Linux (potato) boxes
running Linux 2.2.13 and Linux 2.3.32 with openssh-1.2.1pre25.
On the above-mentioned laptop, transfer rates of 3MBps were obtained (loopback
test).

Because authentication is still done using RSA keys, there should be
no huge security impacts. Also "-c none" would only be explicitly specified
by the user when transferring large files.

As I am not subscribed to the list, I'd appreciate it if any replies could
be Cc:-ed to me. Thanks.
--
Oliver M. Bolzer
oliver at gol.com
GPG (PGP) Fingerprint = 621B 52F6 2AC1 36DB 8761 018F 8786 87AD EF50 D1FF
-------------- next part --------------
Only in openssh-1.2.1pre25: Makefile
diff -ur openssh-1.2.1pre25.orig/cipher.c openssh-1.2.1pre25/cipher.c
--- openssh-1.2.1pre25.orig/cipher.c Tue Dec 14 23:34:31 1999
+++ openssh-1.2.1pre25/cipher.c Fri Jan 14 14:37:16 2000
@@ -148,6 +148,7 @@
unsigned int mask = 0;
mask |= 1 << SSH_CIPHER_3DES; /* Mandatory */
mask |= 1 << SSH_CIPHER_BLOWFISH;
+ mask |= 1 << SSH_CIPHER_NONE;
return mask;
}
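Review bot: `mask |= 1 << SSH_CIPHER_NONE;` sets the bit unconditionally, alongside the 3DES and Blowfish bits, so every consumer of this mask will treat an unencrypted session as just another supported cipher. The hunk does not show who calls this function; if the server side uses the same mask to decide which requested ciphers to accept, a client can ask for a cleartext session and the administrator has no way to refuse it. Suggest putting the bit behind an explicit build-time or configuration switch that defaults to off, and deciding client and server acceptance separately. A comment on this line should also state that with this cipher everything sent after key exchange is readable on the wire, since the existing comment style (`/* Mandatory */`) already annotates the entries.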
diff -ur openssh-1.2.1pre25.orig/ssh.c openssh-1.2.1pre25/ssh.c
--- openssh-1.2.1pre25.orig/ssh.c Wed Dec 29 00:17:09 1999
+++ openssh-1.2.1pre25/ssh.c Fri Jan 14 14:40:50 2000
@@ -106,7 +106,8 @@
fprintf(stderr, " -c cipher Select encryption algorithm: "
"``3des'', "
- "``blowfish''\n");
+ "``blowfish'', "
+ "``none''\n");
fprintf(stderr, " -p port Connect to this port. Server must be on the same port.\n");
fprintf(stderr, " -L listen-port:host:port Forward local port to remote address\n");
fprintf(stderr, " -R listen-port:host:port Forward remote port to local address\n");
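Review bot: the new usage text lists ``none'' next to ``3des'' and ``blowfish'' as if it were a third encryption algorithm, under the heading "Select encryption algorithm". Suggest wording that says what it does, for example ``none'' (no encryption), so a user reading the help output cannot pick it by accident. The patch as posted touches only cipher.c and ssh.c, so the man page is not updated, and nothing visible prints a warning when "-c none" is actually selected or stops password authentication from running over the unencrypted channel; both deserve handling before this is merged.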