turning on none cipher for v1 and v2 server

Pekka Savola pekkas at netcore.fi
Wed Jul 4 02:39:04 EST 2001


On Tue, 3 Jul 2001, Mordechai Ovits wrote:
> On Tuesday 03 July 2001 12:23, Pekka Savola wrote:
> > On Tue, 3 Jul 2001, Mordechai Ovits wrote:
> > > Hi all,
> > > Is there a straightforward way to enable the none cipher for v1 and v2 in
> > > the server?
> >
> > No.  It has been made difficult on purpose, for obvious reasons.
>
> Well, they're not obvious to me.  I have a requirement for secure
> authentication, but cleartext traffic.  Why make this so hard to do?  It
> ought to be compiled out by default, to prevent accidents, but a ./configure
> option should be available.

When people use SSH, they expect to feel safe.  Supporting DES encryption,
no encryption etc. undermines this expectation.  Sending cleartext traffic
also makes you more vulnerable to spying, etc.

"None" encryption does not encrypt the authentication phase.

This issue has come up before too; you might want to check archives if
interested, e.g.:

Date: Fri, 13 Oct 2000 13:35:27 +0100 (BST)
From: Edward Avis <epa98 at doc.ic.ac.uk>
To: openssh-unix-dev at mindrot.org
Subject: Cipher 'none'

-- 
Pekka Savola                 "Tell me of difficulties surmounted,
Netcore Oy                   not those you stumble over and fall"
Systems. Networks. Security.  -- Robert Jordan: A Crown of Swords






More information about the openssh-unix-dev mailing list