enabling "none" cipher
Chris Rapier
rapier at psc.edu
Wed Jan 14 07:05:29 AEDT 2026
On 1/12/26 13:45, Loganaden Velvindron wrote:
> On Fri, 19 Dec 2025 at 12:03, Darren Tucker <dtucker at dtucker.net> wrote:
>>
>> On Fri, 19 Dec 2025 at 18:17, Nacho via openssh-unix-dev <
>> openssh-unix-dev at mindrot.org> wrote:
>>
>>> [...]
>>> Is it possible that there is no native support for "none" cipher in
>>> OpenSSH and
>>> this is just implemented by third party patches?
>>>
>>
>> Stock OpenSSH does not support the "none" cipher. It's counter to the
>> project's goals of "putting an end to unencrypted logins" and "keeping your
>> communiques secret", and it's also the kind of thing that has been used for
>> protocol downgrade attacks in the past.
>>
> They might as well go back to telnet and ftp?

The way the none cipher is enabled in the patches prevents it from being
used for authentication. It switches to the none cipher post-auth (when
the private key would normally be used). You still get encrypted
authentication but the data transfer is en clair. This can be useful in
some situations such as transferring large public data sets.