SSH with authentication and no privacy

coderman coderman at gmail.com
Wed Nov 16 09:39:57 EST 2005


Previous threads have discussed the now deprecated NONE cipher and the
rationale for its removal.  Recent posts on FCC compliance indicate
the usefulness of authentication without privacy for packet radio.

I also find this useful for transfers between IPsec protected
endpoints.  Authentication is then useful for user
administration/privileges but encryption is not necessary given the
IPsec transport.

Is there a compromise that would be acceptable to the ssh maintainers
which provides an authenticated ssh mode without privacy?  IPsec has
long been able to support such a mode (AH without ESP) and there is a
legitimate need as mentioned before.

Concern for accidental disclosure due to user error or
misconfiguration is legitimate.  Would the following changes be
acceptable?

- Require an ssh[d]_config option which explicitly allows
authentication without privacy.  This would be defaulted to off /
commented in the example config files.

- Require an ssh/scp/* flag on command line to enable authentication
without privacy (in addition to config file approval).  HPN uses the
'-z' option.

- When used in this mode a message would be printed to stderr
indicating the lack of privacy.  HPN prints a 'WARNING: ENABLED NULL
CIPHER' for scp but not ssh.  Perhaps 'WARNING: privacy is disabled,
plaintext mode selected' would be more explanatory.

I would be willing to work on such a patch if this would address
maintainer concerns about unintended disclosure while providing the
useful feature of authentication without privacy.

Best regards,




More information about the openssh-unix-dev mailing list