Amateur Radio/FCC and the "none" encryption option

Chris Rapier rapier at
Fri Nov 18 06:28:52 EST 2005

> Don't the high-performance networking patch guys also keep a none
> option available. afaik they have working patches for the latest and
> greatest openssh versions.

Yes we do. It uises cipher switching so the authentication is still 
encrypted using the default cipher or whatever is specified with the -c 
option. After authentication takes place we switch over to the NONE cipher.

> No comment here... developer decision ;) But I wouldn't mind if the
> none version from hpn would be included... as long as it's never ever
> used as a default :) and prints a huge warning if it ever is used
> without some switch/configoption to disable the warning ;)

Well, its perfectly understandable if the decision is made not to 
incorporate the NONE cipher switch we use. I've always fel the primary 
mission of OpenSSH is security and all decisions have to be made with 
that in mind. While we don't see the NONE switch as a big deal it is, 
without a doubt, a possible source of problems for less than vigilant 
users. We do print out a warning we the NONE switch takes place and we 
also have some safeguards in place to make sure it is not used with an 
interactive shell but nothing is 100%, ya know?

More information about the openssh-unix-dev mailing list