On 2014-10-17 22:43, Benjamin Kaduk wrote: > On Fri, 17 Oct 2014, Ben Woods wrote: > >> Whilst trying to replicate data from my FreeNAS to my FreeBSD home theater >> PC on my local LAN, I came across this bug preventing use of the None >> cipher: >> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=163127 >> >> I think I could enable the None cipher by recompiling base with a flag in >> /etc/src.conf. > > I agree. > >> Is there any harm in enabling this by default, but having the None cipher >> remain disabled in /etc/ssh/sshd_config? That way people wouldn't have it >> on my default, but wouldn't have to recompile to enable it. > > I do not see any immediate and concrete harm that doing so would cause, > yet that is insufficient for me to think that doing so would be a good > idea. > > -Ben > _______________________________________________ > freebsd-current_at_freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-current > To unsubscribe, send any mail to "freebsd-current-unsubscribe_at_freebsd.org" > I've been using openssh-portable from ports with the none cipher patch to get around this. IIRC, upstream openssh refuses to merge the none cipher patches "because you shouldn't do that". But I'd vote for having it compiled in and just disabled by default. It will refuse to let you have a shell without encryption, and prints a big fat hairy warning when encryption is disabled. -- Allan Jude
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:53 UTC