enable none cipher

Curt, WE7U archer at eskimo.com
Tue Nov 27 05:45:00 EST 2007


On Mon, 26 Nov 2007, Chris Rapier wrote:

> You should not enable the none cipher in the base OpenSSH code as it is
> a serious security problem. The data you are sending might not be worth
> encrypting but your authentication should *always* be encrypted. If you
> do want to use the none cipher in a safer way you should get the HPN-SSH
> patch from http://www.psc.edu/networking/projects/hpn-ssh. This patch,
> in addition to some other things, re-implements the none cipher but
> maintains secure authentication. There is a caveat in that you cannot
> use the none cipher in interactive sessions - it's only for bulk data
> transfers.
>
> You'll need to read the HPN12-README file to learn how to use it.

I wish the above mentioned patch could be added to the normal
distribution.  Ham-radio people that want to use SSH over the air
cannot encrypt data communications in the U.S. by FCC regulation,
but we are allowed to do authentication.

If the regular distribution of OpenSSH had this capability in it
again, we could use the standard package off Linux CDs rather than
requiring each user to compile the package from sources.  For a few
of us it isn't a big problem, but for the community as a whole, it
is.

Any chance of rolling this patch into the main distribution?  I
asked this some months ago and received zero responses.  Pretty
please?

--
Curt, WE7U: <www.eskimo.com/~archer/>     XASTIR: <www.xastir.org>
  "Lotto:  A tax on people who are bad at math." -- unknown
"Windows:  Microsoft's tax on computer illiterates." -- WE7U
The world DOES revolve around me:  I picked the coordinate system!


More information about the openssh-unix-dev mailing list