turning on none cipher for v1 and v2 server

Mordechai Ovits movits at bloomberg.com
Wed Jul 4 02:55:15 EST 2001


On Tuesday 03 July 2001 12:34, mouring at etoh.eviladmin.org wrote:
> On Tue, 3 Jul 2001, Mordechai Ovits wrote:
> > On Tuesday 03 July 2001 12:23, Pekka Savola wrote:
> > > On Tue, 3 Jul 2001, Mordechai Ovits wrote:
> > > > Hi all,
> > > > Is there a straightforward way to enable the none cipher for v1 and
> > > > v2 in the server?
> > >
> > > No.  It has been made difficult on purpose, for obvious reasons.
> >
> > Well, they're not obvious to me.  I have a requirement for secure
> > authentication, but cleartext traffic.  Why make this so hard to do?  It
> > ought to be compiled out by default, to prevent accidents, but a
> > ./configure option should be available.
>
> Put it simply..
>
> Using the 'none' cipher can result in man-in-the-middle attacks against you.
> And since ssh was designed to protect against that and against information
> leakage it would break the integrity of the protocol to support such a thing.
>
> I have seen people hack 'none' into the ssh client.  However, we will not
> support such things.
>
> - Ben

Well, I need it for business reasons. Can you point me to the people that
hacked the support in?

Thanks,
Mordy
-- 
Mordy Ovits
Network Engineer
Bloomberg L.P.



More information about the openssh-unix-dev mailing list