Re: ssh None cipher

From: Mark Martinec <Mark.Martinec+freebsd_at_ijs.si>
Date: Sat, 18 Oct 2014 12:54:32 +0200
If the purpose of having a none cipher is to have a fast
file transfer, then one should be using  sysutils/bbcp
for that purposes. Uses ssd for authentication, and
opens unencrypted channel(s) for the actual data transfer.
It's also very fast, can use multiple TCP streams.

   Mark


On 10/18/14 06:10, Allan Jude wrote:
> On 2014-10-17 22:43, Benjamin Kaduk wrote:
>> On Fri, 17 Oct 2014, Ben Woods wrote:
>>
>>> Whilst trying to replicate data from my FreeNAS to my FreeBSD home theater
>>> PC on my local LAN, I came across this bug preventing use of the None
>>> cipher:
>>> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=163127
>>>
>>> I think I could enable the None cipher by recompiling base with a flag in
>>> /etc/src.conf.
>>
>> I agree.
>>
>>> Is there any harm in enabling this by default, but having the None cipher
>>> remain disabled in /etc/ssh/sshd_config? That way people wouldn't have it
>>> on my default, but wouldn't have to recompile to enable it.
>>
>> I do not see any immediate and concrete harm that doing so would cause,
>> yet that is insufficient for me to think that doing so would be a good
>> idea.
>>
>> -Ben
>> _______________________________________________
>> freebsd-current_at_freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-current
>> To unsubscribe, send any mail to "freebsd-current-unsubscribe_at_freebsd.org"
>>
>
> I've been using openssh-portable from ports with the none cipher patch
> to get around this.
>
> IIRC, upstream openssh refuses to merge the none cipher patches "because
> you shouldn't do that". But I'd vote for having it compiled in and just
> disabled by default.
>
> It will refuse to let you have a shell without encryption, and prints a
> big fat hairy warning when encryption is disabled.
>
Received on Sat Oct 18 2014 - 08:54:47 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:53 UTC