Clear-Text Patch? was: Re: OpenSSH 5.1: call for testing

Curt, WE7U archer at eskimo.com
Thu Jul 10 00:45:40 EST 2008


On Wed, 9 Jul 2008, Damien Miller wrote:

> On Tue, 8 Jul 2008, Curt, WE7U wrote:
>
>> Does this version have the clear-text-after-authentication patch in
>> it?
>
> No - we have said repeatedly that we are not interested in adding support
> for the "none" cipher.

I subscribed to this list several years back.  I've not brought this
topic up often, but to my recollection have not received as clear an
answer as you indicate above during the time I've been subscribed.

Not knowing who all of the developers are (or who speaks for the
developers), it's hard to judge what the level of interest is among
them.  There has been interest both on and off the list but I have
no way of knowing whether that interest was among developers, users,
or both.


>> The amateur radio people still need this tweak in order to use
>> OpenSSH over ham radio data links.  The FCC does not allow
>> encryption of data on our frequencies, but does allow encryption for
>> authentication purposes.
>
> I'm sorry about your government's stupid laws, but I think that there
> is much potential for users to harm themselves if we were to add the
> null cipher.

It's likely that your government or other nearby governments have
similar "stupid" laws for amateur radio.  Many do.  Radio links know
no political boundaries, so encryption over radio links tends to
make the powers-that-be nervous and they legislate against it.
Either that or they borrowed bits from FCC regulations which is also
common.

Why would users be so stupid as to get in trouble with something
like:  "--NONE_CIPHER_PLEASE_DONT_USE" or
"--NO_CIPHER_HAM_RADIO_ONLY" or similar?  I generally assume my
users are intelligent and am not often disappointed.  There are
obvious ways to make a NULL cipher available from the command-line
without letting users get into trouble with it.

Are you aware that hams have a link-level protocol used for
over-the-air that is actually part of distributed Linux kernel
sources?  We send TCP/IP and other protocols over lower-level AX.25
protocol nicely.  With a NULL-Cipher patch we'd be able to use SSH
over AX.25 to authenticate.  At one time we were able to, but it was
years ago and I can't recall now which version of SSH supported it.
It was a feature we had gotten quite used to and was available on
any Linux box at the time.

Today with the large number of embedded Linux devices out there it
would be VERY handy to be able to remotely configure mountaintop
systems using OpenSSH.  Many repeater sites are snow-bound most of
the year making physical access impossible until late spring or
summer.  Data links over radio make it possible to maintain these
systems.

I was hoping that the OpenSSH project might eventually support such
operation:  I wouldn't bring the topic up every six months to a year
if I didn't think it was important and useful.  Hams do amazing work
in emergency services, providing radio links in/out of affected
areas, all for free.  How about making it easier for us to continue
to provide such services to your community and others?

Curt, proud member of Snohomish County Search and Rescue, ham for 29
years, admin on the Xastir open-source project, contributor to many
others.

-- 
Curt, WE7U.				archer at eskimo dot com
http://www.eskimo.com/~archer
   Lotto:  A tax on people who are bad at math. - unknown
Windows:  Microsoft's tax on computer illiterates. - WE7U.
The world DOES revolve around me:  I picked the coordinate system!"

