turning on none cipher for v1 and v2 server
mouring at etoh.eviladmin.org
mouring at etoh.eviladmin.org
Wed Jul 4 02:34:52 EST 2001
On Tue, 3 Jul 2001, Mordechai Ovits wrote:
> On Tuesday 03 July 2001 12:23, Pekka Savola wrote:
> > On Tue, 3 Jul 2001, Mordechai Ovits wrote:
> > > Hi all,
> > > Is there a straightforward way to enable the none cipher for v1 and v2 in
> > > the server?
> >
> > No. It has been made difficult on purpose, for obvious reasons.
>
> Well, they're not obvious to me. I have a requirement for secure
> authentication, but cleartext traffic. Why make this so hard to do? It
> ought to be compiled out by default, to prevent accidents, but a ./configure
> option should be available.
>
Put it simplity..
using 'none' cipher can result in man-in-the-middle attacks against you.
And since ssh was designed to protect against that and against information
leakage it would break the integerity of protocol to support such a thing.
I have seen people hack 'none' into the ssh client. However, we will not
support such things.
- Ben
More information about the openssh-unix-dev
mailing list