Amateur Radio/FCC and the "none" encryption option
Chris Rapier
rapier at psc.edu
Fri Nov 18 06:28:52 EST 2005
>
> Don't the high-performance networking patch guys also keep a none
> option available? afaik they have working patches for the latest and
> greatest openssh versions.
Yes we do. It uses cipher switching so the authentication is still
encrypted using the default cipher or whatever is specified with the -c
option. After authentication takes place we switch over to the NONE cipher.
> No comment here... developer decision ;) But I wouldn't mind if the
> none version from hpn would be included... as long as it's never ever
> used as a default :) and prints a huge warning if it ever is used
> without some switch/configoption to disable the warning ;)
Well, it's perfectly understandable if the decision is made not to
incorporate the NONE cipher switch we use. I've always felt the primary
mission of OpenSSH is security and all decisions have to be made with
that in mind. While we don't see the NONE switch as a big deal it is,
without a doubt, a possible source of problems for less than vigilant
users. We do print out a warning when the NONE switch takes place and we
also have some safeguards in place to make sure it is not used with an
interactive shell but nothing is 100%, ya know?