Warning message at password prompt

Edward Avis epa98 at doc.ic.ac.uk
Thu Feb 14 21:10:07 EST 2002

Hash: SHA1

On Thu, 14 Feb 2002, Damien Miller wrote:

>>I've patched my local OpenSSH (currently 2.9p2, but the same patch
>>applies to 3.0.2) to allow the cipher 'none' for both SSH1 and SSH2
>>connections.  With SSH1, there is already code to print a warning
>>that any password you enter will be sent in plain text.  However the
>>userauth_passwd() in sshconnect2.c does not have any such warning.

>I don't understand, OpenSSH always uses encryption.

I just wanted to ask if there is any way for userauth_passwd() to find
out what kind of encryption is being used.  Then if the encryption is
'none' it can print a warning or maybe disallow plain text passwords

The standard OpenSSH release does not support 'none', only 3DES and
Blowfish (AFAIK), so there is no need for such a warning.  But I would
like to add the code for it to my local copy which I have patched to
enable unencrypted connections.  I understand that the OpenSSH
maintainers don't want to support this in the main release, but it is
useful to me and to some others.

If anyone could suggest ways to find out what from sshconnect2.c what
cipher is being used, that would be a real help.

- -- 
Ed Avis <epa98 at doc.ic.ac.uk>
Finger for PGP key
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org


More information about the openssh-unix-dev mailing list