"cipher none" alternatives ?
Rob Hagopian
rob at hagopian.net
Tue Mar 20 09:08:51 EST 2001
There's an older thread about this, you can hack in none support really
easily, but I did performance tests between arcfour and none on Dual PIII
850Mhz machines and there was no significant performance difference. One
of the developers here asked for full profiling info but I haven't had
time to assemble it...
-Rob
On Fri, 16 Mar 2001, Andrew Daviel wrote:
>
> We are trying to upgrade from SSH1 to OpenSSH/SSH2.
>
> I see that configuration support for "cipher NONE" was removed in OpenSSH.
>
> Is there an alternative for this ?
>
> We need to move big files (>100Mb) between machines on the Internet. In
> the past we had used NFS or ftp but want to block those services at one or
> both ends. Moving them with SSH 1 scp takes quite a bit of CPU effort for
> encryption. (I had observed that for smaller files scp -c 3des was
> noticably slower than NFS/ftp/scp -c none on 100BaseT links, though not on
> 10BaseT)
>
> The datafiles themselves do not contain sensitive data, but we'd like to
> use some better authentication method than ftp and preferably something
> that would easily go through a firewall. As I understood things, scp -c
> none with RSA authentication offers something like that.
>
> We could presumably use HTTP GET to suck files if they were placed in a
> webserver tree and use HTTP authentication. I'm not so sure about pushing
> with POST or PUT.
>
> Any suggestions ? Is it feasible to build OpenSSH with support for cipher
> none ?
>
>
More information about the openssh-unix-dev
mailing list