If the purpose of having a none cipher is to have a fast file transfer, then one should be using sysutils/bbcp for that purposes. Uses ssd for authentication, and opens unencrypted channel(s) for the actual data transfer. It's also very fast, can use multiple TCP streams. Mark On 10/18/14 06:10, Allan Jude wrote: > On 2014-10-17 22:43, Benjamin Kaduk wrote: >> On Fri, 17 Oct 2014, Ben Woods wrote: >> >>> Whilst trying to replicate data from my FreeNAS to my FreeBSD home theater >>> PC on my local LAN, I came across this bug preventing use of the None >>> cipher: >>> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=163127 >>> >>> I think I could enable the None cipher by recompiling base with a flag in >>> /etc/src.conf. >> >> I agree. >> >>> Is there any harm in enabling this by default, but having the None cipher >>> remain disabled in /etc/ssh/sshd_config? That way people wouldn't have it >>> on my default, but wouldn't have to recompile to enable it. >> >> I do not see any immediate and concrete harm that doing so would cause, >> yet that is insufficient for me to think that doing so would be a good >> idea. >> >> -Ben >> _______________________________________________ >> freebsd-current_at_freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-current >> To unsubscribe, send any mail to "freebsd-current-unsubscribe_at_freebsd.org" >> > > I've been using openssh-portable from ports with the none cipher patch > to get around this. > > IIRC, upstream openssh refuses to merge the none cipher patches "because > you shouldn't do that". But I'd vote for having it compiled in and just > disabled by default. > > It will refuse to let you have a shell without encryption, and prints a > big fat hairy warning when encryption is disabled. >Received on Sat Oct 18 2014 - 08:54:47 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:53 UTC