encrypt authentication credentials with payload in the clear?

David Woodhouse dwmw2 at infradead.org
Wed Mar 5 03:42:17 EST 2003

On Tue, 2003-03-04 at 16:16, Ben Lindstrom wrote:

> In any respects, RFC strongly discourages no encryption (none
> OPTIONAL          no encryption; NOT RECOMMENDED).   So I doubt we will
> see -c none for v2 protocol.

Nevertheless, it's not _unconditionally_ stupid. Consider, for example,

Host *.mynet.internal
	ProxyCommand ssh -c none -C bastion.mynet.external netcat %h %p

When the client is a 200MHz StrongARM-based PDA, running 
'ssh mail.mynet.internal exec imapd' to get at its mail server, 
there's not a great deal of point in using up its CPU and battery in
encrypting the traffic twice, when once would suffice perfectly well.


More information about the openssh-unix-dev mailing list