Cipher 'none'
Edward Avis
epa98 at doc.ic.ac.uk
Sat Oct 14 22:15:51 EST 2000
On Sat, 14 Oct 2000, Rob Hagopian wrote:
>Secure authentication without session encryption will always have a
>legitimate niche amongst some people.
>
>Would this be enough to deter use?
>a) a configure option, and
>b) a config file option for sshd, and
>c) has to be specified on the command line for ssh, and
>d) client prints out a warning whenever no cipher is found (unless a
> specific suppression flag is given [so it would show up even with -q])
I think a configure option is probably not necessary. The whole point
is to let the user choose whether or not to use unencrypted connections
without having to recompile. I think that two config files on two
different machines plus a warning when ssh is run would suffice. The
ultra-paranoid might want a configure option to disable any possibility
of unencrypted connections... but is there a configure option to
permanently disable FallBackToRsh?
>The downside to these protections is it's more code in more places for
>such a simple change. I think just a configure option should be enough...
At the moment I've made a one-line change to the source, and edited
ssh_config. The warning message is already in there. One thing that
does seem to be missing from sshd_config is a way to specify what
ciphers are allowed for protocol version 1.
--
Ed Avis
epa98 at doc.ic.ac.uk
More information about the openssh-unix-dev mailing list
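
An added example, not part of the original message or of OpenSSH: a small audit of ssh_config-style text for the settings this thread discusses (Cipher none, a Ciphers list that offers none, FallBackToRsh yes). The function names and the sample config are constructed for illustration, and it assumes a build patched to accept 'none' as a cipher name.

```python
import re

# Constructed sample ssh_config content (not taken from the thread).
SAMPLE_SSH_CONFIG = """\
# constructed sample
Host legacy-box
    Cipher none
    FallBackToRsh yes
Host *
    Ciphers 3des-cbc,none
    Cipher = 3des
"""

def parse_line(raw):
    """Split one config line into (keyword, argument); None for blanks/comments."""
    line = raw.strip()
    if not line or line.startswith("#"):
        return None
    # Keyword and argument are separated by whitespace or a single '='.
    m = re.match(r"(\w+)\s*(?:=\s*|\s+)(.*)$", line)
    if not m:
        return None
    return m.group(1).lower(), m.group(2).strip().strip('"')

def audit_ssh_config(text):
    """Return (line_no, host_scope, finding) for settings that allow cleartext."""
    findings = []
    scope = "(global)"  # options before the first Host line apply to all hosts
    for no, raw in enumerate(text.splitlines(), 1):
        parsed = parse_line(raw)
        if parsed is None:
            continue
        key, value = parsed
        if key == "host":
            scope = value
        elif key == "cipher" and value.lower() == "none":
            findings.append((no, scope, "Cipher none: session is unencrypted"))
        elif key == "ciphers" and "none" in [
                c.strip().lower() for c in value.split(",")]:
            findings.append((no, scope, "Ciphers list offers none"))
        elif key == "fallbacktorsh" and value.lower() == "yes":
            findings.append((no, scope, "FallBackToRsh yes: may fall back to rsh"))
    return findings

if __name__ == "__main__":
    for no, scope, msg in audit_ssh_config(SAMPLE_SSH_CONFIG):
        print(f"line {no} [Host {scope}]: {msg}")
```

Running the same check over both the client's and the server's config files covers the "two config files on two different machines" case from the message.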