Clear-Text Patch? was: Re: OpenSSH 5.1: call for testing

Damien Miller djm at mindrot.org
Thu Jul 10 13:15:51 EST 2008


On Wed, 9 Jul 2008, Curt, WE7U wrote:

> On Wed, 9 Jul 2008, Damien Miller wrote:
> 
> > On Tue, 8 Jul 2008, Curt, WE7U wrote:
> >
> >> Does this version have the clear-text-after-authentication patch in
> >> it?
> >
> > No - we have said repeatedly that we are not interested in adding support
> > for the "none" cipher.
> 
> I subscribed to this list several years back.  I've not brought this
> topic up often, but to my recollection have not received as clear an
> answer as you indicate above during the time I've been subscribed.
> 
> Not knowing who all of the developers are (or who speaks for the
> developers), it's hard to judge what the level of interest is among
> them.  There has been interest both on and off the list but I have
> no way of knowing whether that interest was among developers, users,
> or both.

There has certainly been some interest in users, but not any amongst
the other developers that I'm aware of (you can get an idea of who is
working on OpenSSH by looking at the ChangeLog file in the distribution
btw).

Let me explain our rationale a little more:

OpenSSH is a security tool used by lots of people of wildly varying
technical skill and cryptographic fluency, so we want to make it as
foolproof as possible. Part of this means that we are willing to
deliberately exclude dangerous options even if users want them.

Generally, the people who require esoteric or dangerous options also
happen to be the people who are technical enough to patch them in
themselves.

> It's likely that your government or other nearby governments have
> similar "stupid" laws for amateur radio.  Many do.  Radio links know
> no political boundaries, so encryption over radio links tends to
> make the powers-that-be nervous and they legislate against it.
> Either that or they borrowed bits from FCC regulations which is also
> common.

Please don't read too much into my throwaway line about laws - I'm not
opposed to adding the null cipher because of politics, it is really
about user safety.

> Why would users be so stupid as to get in trouble with something
> like:  "--NONE_CIPHER_PLEASE_DONT_USE" or
> "--NO_CIPHER_HAM_RADIO_ONLY" or similar?  I generally assume my
> users are intelligent and am not often disappointed.  There are
> obvious ways to make a NULL cipher available from the command-line
> without letting users get into trouble with it.

No. Unfortunately distributors of OpenSSH have an imperfect record of
changing defaults and turning on options that we recommend against.
Invariably, the support requests and blame when things go wrong come
back to us.

Also, once you are at the point of having to do a custom compile of
OpenSSH to get the options you want then adding a small patch is 
very low additional overhead anyway.

> Today with the large number of embedded Linux devices out there it
> would be VERY handy to be able to remotely configure mountaintop
> systems using OpenSSH.  Many repeater sites are snow-bound most of
> the year making physical access impossible until late spring or
> summer.  Data links over radio make it possible to maintain these
> systems.
> 
> I was hoping that the OpenSSH project might eventually support such
> operation:  I wouldn't bring the topic up every six months to a year
> if I didn't think it was important and useful.  Hams do amazing work
> in emergency services, providing radio links in/out of affected
> areas, all for free.  How about making it easier for us to continue
> to provide such services to your community and others?

We will help by doing our best to keep OpenSSH a high quality product,
but we are not willing to be "all things to all people".

-d

