enabling "none" cipher
Chris Rapier
rapier at psc.edu
Thu Jan 15 07:03:34 AEDT 2026
On 1/14/26 01:32, Jochen Bern wrote:
> On 13/01/2026 21:05, Chris Rapier wrote:
>> On 1/12/26 13:45, Loganaden Velvindron wrote:
>>> They might as well go back to telnet and ftp ?
>>
>> The way the none cipher is enabled in the patches prevents it from
>> being used for authentication. It switches to the none cipher post
>> auth (when the private key would normally be used). You still get
>> encrypted authentication but the data transfer is en clear.
> So, *still* comparable to telnet/ftp, if you use e.g. PAM to add a round
> of challenge-response auth to the logins ... :-3
I suppose but keep in mind that I'm not making claims of the transfer
being secure other than on the authentication side. It's an option for
people that want to use it, not a default. In fact, to use it you have
to manually edit the server config to explicitly allow it. Is it
possible that someone might screw up something by using it? Absolutely.
That's on them.
More information about the openssh-unix-dev
mailing list