Cipher 'none'

Edward Avis epa98 at doc.ic.ac.uk
Sat Oct 14 02:11:12 EST 2000 

On Fri, 13 Oct 2000, Richard E. Silverman wrote:

[should the user be allowed to select cipher 'none'?]

>For the SSH-2 protocol, I agree with your comments.  I think the "none"
>cipher should be available in the standard build, and the client should
>print a prominent warning message on connection

Yep.

>(and password authentication should be disabled, of course).

Not necessarily - if you trust the network there's no problem with
sending the password over it.  But such blatant insecurity might be too
much for ssh developers to swallow.

Authentication happens only once for each connection, so it doesn't
really matter how slow it is.  There's no problem with requiring
key + passphrase authentication, except maybe that it requires users to
manage another password.

>A security concern you
>didn't mention is that an attacker might surreptitiously add "cipher none"
>to a config file,

He'd have to add it on both the client and server (I'm imagining that
sshd in the default configuration would not accept 'none').  That would
require root access on the server at least.  If you have root access you
could do what you wanted anyway.  And if you have access to a user's
account to edit ~/.ssh/ssh_config you could probably put a trojan 'ssh'
binary in the user's PATH.  So I don't think it raises any new concerns.

>However, for SSH-1, I believe "none" should remain disabled, since without
>encryption you effectively lose server authentication and integrity as
>well.  This is just too weak to tolerate.

Depends.  You pick what level of security you need depending on your
environment.

OTOH, you do have a point - it would get just too clumsy to print
several warnings about cleartext passwords, suspect servers and so on.

>SSH-2 does not suffer from this problem.

It looks as if SSH-2 with DSA authentication and no encryption is the
best compromise between security and speed for slowish machines on a
fast, trusted network.  Provided the user deliberately chooses to enable 
it, of course.

-- 
Ed Avis
epa98 at doc.ic.ac.uk

More information about the openssh-unix-dev mailing list