Warning message at password prompt

Edward Avis epa98 at doc.ic.ac.uk
Thu Feb 14 21:38:10 EST 2002

Hash: SHA1

On Thu, 14 Feb 2002, Damien Miller wrote:

>>If anyone could suggest ways to find out what from sshconnect2.c what
>>cipher is being used, that would be a real help.
>Why don't you send a debugging message from kex.c if you negotiate
>cipher none in either direction?

So it is kex.c that negotiates the cipher to use.  And this is
negotiated just once at the start of the connection.  (Just checking)

I could print a warning if 'none' is negotiated, but I would prefer to
set a global flag and test it at the password prompt.  The cipher 'none'
is used only if explicitly asked for on the command line, so warning
about the user's deliberate choice seems redundant.  But sending a
password in cleartext is so serious that I would like an additional
are-you-sure for that.  This is consistent with what protocol version 1
does (the warning code is still there although it doesn't normally get

Do you think that creating a new global variable (using_insecure_cipher,
say) is the best way to implement this?  I could do that but I wanted to
check first that there is no cleaner way.

- -- 
Ed Avis <epa98 at doc.ic.ac.uk>
Finger for PGP key
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org


More information about the openssh-unix-dev mailing list