Can we disable SSH compression by default?

Yegor Ievlev koops1997 at gmail.com
Sat Feb 16 23:29:18 AEDT 2019


Compressing data before encryption may be dangerous; see, for example,
CRIME, BREACH and VORACLE. Can compression be disabled by default in
OpenSSH, only being enabled if the user requests it?

Another scenario where SSH compression may be bad is the use of commands
like tar cz | ssh root@remote "tar xz", which seem pretty common. If
SSH compression is enabled, data will be (wastefully) compressed
twice.
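
An added example, not part of the original post and not OpenSSH code: a small Python check that resolves which `Compression` value a client `ssh_config` sets for a given host, so configurations that turn compression on can be found. The sample config, host names and function names are constructed; `Match` blocks are skipped and the `-C` command-line flag is not considered.

```python
import fnmatch
import re

# Constructed sample client configuration (not taken from the post).
SAMPLE_CONFIG = """\
# constructed example
Host backup-*
    Compression yes

Host *.internal !legacy.internal
    compression=no

Host *
    Compression yes
    User admin
"""

# "Keyword value" or "Keyword=value"; comment and blank lines do not match.
_DIRECTIVE = re.compile(r"([A-Za-z]+)(?:\s*=\s*|\s+)(.*)")


def _host_matches(patterns, host):
    """A Host line applies if a positive pattern matches and no negated one does."""
    positive = False
    for pat in patterns.split():
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(host, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(host, pat):
            positive = True
    return positive


def effective_compression(config_text, host):
    """Return 'yes'/'no' as the file sets it for host, or None if it is unset."""
    host = host.lower()  # simplification: compare host and patterns in lower case
    active = True  # directives before the first Host line apply to all hosts
    for raw in config_text.splitlines():
        m = _DIRECTIVE.match(raw.strip())
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip().strip('"').lower()
        if key == "host":
            active = _host_matches(value, host)
        elif key == "match":
            active = False  # assumption: Match blocks are skipped, not evaluated
        elif key == "compression" and active:
            return value  # ssh_config uses the first value obtained
    return None
```

A return value of `None` means the file leaves the setting at the client's built-in default, which ssh_config(5) documents as `no`.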

