[Bug 877] ssh 3.8.1p1 client cannot disable encryption with "-c none"
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Mon Jun 7 05:43:22 EST 2004
http://bugzilla.mindrot.org/show_bug.cgi?id=877
------- Additional Comments From mouring at eviladmin.org 2004-06-07 05:43 -------
The whole point behind SSH protocol is not to leak sensitive information and to stop MITM attacks.
Where the second may not be an issue with ssh2 protocol due to the HMAC usage, but I still have to ask
why would one want to throw away the security around private information?
Even if you encrypt authentification aspect of SSHv2 and left the sesson in clear text you still could leak
information when you connect to other machines or using 'su' or 'sudo' to upgrade your security.
I think it is better if you believe that your machines can't handle encryption is to test the preformance
to find a lowest cpu power encryption or buy a few encryptor cards to put into heavily used machines.
- Ben
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the openssh-bugs
mailing list