Cipher 'none'
Richard E. Silverman
res at shore.net
Fri Oct 13 23:51:22 EST 2000
For the SSH-2 protocol, I agree with your comments. I think the "none"
cipher should be available in the standard build, and the client should
print a prominent warning message on connection (and password
authentication should be disabled, of course). A security concern you
didn't mention is that an attacker might surreptitiously add "cipher none"
to a config file, invisibly rendering connections readable unless someone
uses debug mode and notices the cipher; printing a warning helps alleviate
this concern.
However, for SSH-1, I believe "none" should remain disabled, since without
encryption you effectively lose server authentication and integrity as
well. This is just too weak to tolerate. SSH-2 does not suffer from this
problem.
--
Richard Silverman
slade at shore.net
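The concern raised above, that a quietly edited config file could switch a connection to the "none" cipher without the user noticing, suggests a simple defensive check. The following is an added example, not code from the original post or from OpenSSH: a small parser over the ssh_config directive syntax (keyword followed by whitespace or "=", then a value; "Host" blocks; "#" comments) that flags any "Cipher" (protocol 1) or "Ciphers" (protocol 2) directive whose comma-separated list includes "none". The sample config it scans is constructed for the example.

```python
"""Audit an OpenSSH client config for 'none' ciphers.

Added example (not from the original post or from OpenSSH). It assumes the
ssh_config directive syntax: 'Keyword value' or 'Keyword=value', keywords
case-insensitive, 'Host' lines opening a block, '#' starting a comment.
"""
import re
from typing import List, NamedTuple, Tuple


class Finding(NamedTuple):
    line_no: int
    host: str       # Host pattern in effect ("*" before any Host line)
    directive: str  # keyword, lowercased ('cipher' or 'ciphers')
    value: str      # the cipher list as written


# Keyword, then either '=' or whitespace as separator, then the value.
_DIRECTIVE = re.compile(r"^\s*([A-Za-z]+)\s*(?:=|\s)\s*(.*?)\s*$")


def parse_directives(text: str) -> List[Tuple[int, str, str, str]]:
    """Return (line_no, host_pattern, keyword_lower, value) for each directive."""
    host = "*"
    out = []
    for n, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].rstrip()   # drop trailing comments
        if not line.strip():
            continue
        m = _DIRECTIVE.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2)
        if key == "host":
            host = value                        # a new Host block begins
            continue
        out.append((n, host, key, value))
    return out


def find_none_cipher(text: str) -> List[Finding]:
    """Flag every Cipher/Ciphers directive whose list contains 'none'."""
    findings = []
    for n, host, key, value in parse_directives(text):
        if key not in ("cipher", "ciphers"):
            continue
        algos = [a.strip().lower() for a in value.split(",")]
        if "none" in algos:
            findings.append(Finding(n, host, key, value))
    return findings


# Constructed sample: a normal global section, then a host block where
# someone has slipped 'none' into the cipher list.
SAMPLE_CONFIG = """\
# ~/.ssh/config (constructed sample)
Host *
    ForwardAgent no
    Ciphers aes256-ctr,aes128-ctr

Host build-box
    HostName build.example.internal
    Ciphers = none,aes128-ctr   # easy to miss on a casual read
"""

if __name__ == "__main__":
    for f in find_none_cipher(SAMPLE_CONFIG):
        print(f"line {f.line_no}: Host {f.host!r}: {f.directive} {f.value}")
```

The check reports every occurrence rather than working out which value ssh would actually use (ssh takes the first matching value for each keyword), because the point is to surface the edit itself, wherever it was made.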