Cipher 'none'
Richard E. Silverman
res at shore.net
Sun Oct 15 15:27:16 EST 2000
On Sat, 14 Oct 2000, Rachit Siamwalla wrote:
> I agree with people who want the option to allow cipher "none"...
> i just want to make sure the evil guy cannot make those RPC's to my
> machines themselves ...
> Also, having the capability to allow "FallbackToRSH" is probably much
> worse than allowing "Cipher none" in the first place.
FallBackToRsh is only an option with SSH-1. As I mentioned earlier in
this thread, without encryption, both server authentication and integrity
checking are ineffective in the SSH-1 protocol, so there's not much point
in using SSH at all at that point.
With SSH-2, it is at least a viable option, if you truly don't care about
confidentiality.
--
Richard Silverman
slade at shore.net
More information about the openssh-unix-dev
mailing list