"cipher none" alternatives ?
Andrew Daviel
andrew at andrew.triumf.ca
Sat Mar 17 11:37:04 EST 2001
We are trying to upgrade from SSH1 to OpenSSH/SSH2.
I see that configuration support for "cipher NONE" was removed in OpenSSH.
Is there an alternative for this ?
We need to move big files (>100Mb) between machines on the Internet. In
the past we had used NFS or ftp but want to block those services at one or
both ends. Moving them with SSH 1 scp takes quite a bit of CPU effort for
encryption. (I had observed that for smaller files scp -c 3des was
noticably slower than NFS/ftp/scp -c none on 100BaseT links, though not on
10BaseT)
The datafiles themselves do not contain sensitive data, but we'd like to
use some better authentication method than ftp and preferably something
that would easily go through a firewall. As I understood things, scp -c
none with RSA authentication offers something like that.
We could presumably use HTTP GET to suck files if they were placed in a
webserver tree and use HTTP authentication. I'm not so sure about pushing
with POST or PUT.
Any suggestions ? Is it feasible to build OpenSSH with support for cipher
none ?
--
Andrew Daviel, TRIUMF, Canada
Tel. +1 (604) 222-7376
security at triumf.ca
More information about the openssh-unix-dev
mailing list