[EXT] Re: enabling "none" cipher
Chris Rapier
rapier at psc.edu
Thu Jan 15 04:49:20 AEDT 2026
On 1/12/26 16:48, Darren Tucker wrote:
> On Tue, 13 Jan 2026 at 08:08, Blumenthal, Uri - 0553 - MITLL <uri at ll.mit.edu>
> wrote:
>> Isn't “none” cipher still authenticated, for both login and traffic?
>
> The cipher itself is not, but there is a separate Message Authentication
> Code (MAC) on each SSH packet. The spec also allows the MAC to be "none"
> but OpenSSH doesn't and offhand I don't know of an implementation that does.
HPN-SSH does that for people who really like to live on the edge. In
some cases we see a 30-40% improvement in throughput. We don't suggest
it in most cases, though, but when we were migrating file systems in our
data center (18+PB) it made a difference in our parallel rsyncs. There
are other options we've been exploring to improve MAC performance but
those gains are much more incremental. We have found that for some MACs
using OpenSSL calls is more efficient, but it doesn't have the same
coverage in terms of available MACs.
>> Don’t some organizations care for authenticity, though not (that much) for
>> confidentiality
>
> Without SSH encryption, the passwords in password based logins (including
> keyboard-interactive) are also in plain text. This is probably why even
> the HPN folks don't start with none, but instead start with a cipher then
> later rekey to "none".
Absolutely true. We're playing a bit loose with the SSH RFC but we're
not interested in breaking it entirely. It's also why we don't allow it
if a TTY is assigned - I don't want people typing in a password during
an interactive session.
Chris
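The point Darren makes above, that a "none" cipher leaves the packet readable but the per-packet MAC still covers it, can be shown directly with the RFC 4253 section 6 framing. The following is an added illustration written for this page; it is not code from OpenSSH or HPN-SSH. It frames a payload the way section 6 describes, computes the MAC exactly as section 6.4 specifies (MAC over the uint32 sequence number followed by the unencrypted packet, here with hmac-sha2-256), and then shows three things on constructed data: the password in the payload is visible on the wire, a flipped bit is rejected by the receiver, and the same bytes presented under a different sequence number are also rejected. The MAC key, sequence numbers and the simplified userauth payload are all constructed for the demo and do not follow the full SSH string encoding.

```python
"""SSH binary packet protocol with cipher "none": unencrypted but MAC-protected.

Added example (not OpenSSH or HPN-SSH code). Follows RFC 4253 section 6
framing and the section 6.4 MAC definition:
    mac = MAC(key, sequence_number || unencrypted_packet)
The key, sequence numbers and payload below are constructed for the demo.
"""
import hashlib
import hmac
import os
import struct

BLOCK_SIZE = 8   # padding granularity; RFC 4253 requires at least 8 for "none"
MAC_LEN = 32     # hmac-sha2-256 digest length


def build_packet(payload: bytes) -> bytes:
    """uint32 packet_length || byte padding_length || payload || random padding.
    Total length must be a multiple of BLOCK_SIZE with at least 4 padding bytes."""
    padlen = BLOCK_SIZE - ((5 + len(payload)) % BLOCK_SIZE)
    if padlen < 4:
        padlen += BLOCK_SIZE
    packet_length = 1 + len(payload) + padlen
    return struct.pack(">IB", packet_length, padlen) + payload + os.urandom(padlen)


def compute_mac(mac_key: bytes, seq: int, packet: bytes) -> bytes:
    """RFC 4253 6.4: MAC over the 32-bit sequence number and the plaintext packet."""
    return hmac.new(mac_key, struct.pack(">I", seq) + packet, hashlib.sha256).digest()


def send(mac_key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender with cipher "none": wire bytes are packet || mac, nothing encrypted."""
    packet = build_packet(payload)
    return packet + compute_mac(mac_key, seq, packet)


def receive(mac_key: bytes, seq: int, wire: bytes) -> bytes:
    """Receiver: recompute the MAC for its own sequence counter, compare in
    constant time, and only then strip framing. Raises ValueError on failure."""
    if len(wire) < 5 + MAC_LEN:
        raise ValueError("short packet")
    packet_length = struct.unpack(">I", wire[:4])[0]
    packet = wire[:4 + packet_length]
    mac = wire[4 + packet_length:4 + packet_length + MAC_LEN]
    if len(packet) != 4 + packet_length or len(mac) != MAC_LEN:
        raise ValueError("truncated packet")
    if not hmac.compare_digest(mac, compute_mac(mac_key, seq, packet)):
        raise ValueError("MAC verification failed")
    padlen = packet[4]
    return packet[5:4 + packet_length - padlen]


def demo():
    """Returns (password_visible, accepted, tamper_detected, wrong_seq_detected)."""
    mac_key = b"\x11" * 32          # constructed; a real key comes from key exchange
    seq = 7                          # constructed sequence number
    # Simplified stand-in for an SSH_MSG_USERAUTH_REQUEST carrying a password.
    payload = b"\x32" + b"alice" + b"hunter2"
    wire = send(mac_key, seq, payload)

    password_visible = b"hunter2" in wire          # cipher "none": plaintext on the wire
    accepted = receive(mac_key, seq, wire) == payload

    tampered = bytearray(wire)
    tampered[5 + 6] ^= 0x01                         # flip one bit inside the password
    try:
        receive(mac_key, seq, bytes(tampered))
        tamper_detected = False
    except ValueError:
        tamper_detected = True

    try:
        receive(mac_key, seq + 1, wire)             # same bytes, receiver counter moved on
        wrong_seq_detected = False
    except ValueError:
        wrong_seq_detected = True

    return password_visible, accepted, tamper_detected, wrong_seq_detected


if __name__ == "__main__":
    print(demo())
```

Because the sequence number is an input to the MAC rather than a field on the wire, the receiver's own counter has to match the sender's for the check to pass; that is what ties each packet to its position in the session. None of this helps with the confidentiality problem Darren raises, which is why a plaintext password typed over a "none" session is fully exposed even though it cannot be silently modified.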