On 11/11/2015 7:49 AM, Daniel Kalchev wrote: > It is my understanding, that using the NONE cypher is not identical to using “the old tools” (rsh/rlogin/rcp). > > When ssh uses the NONE cypher, credentials and authorization are still encrypted and verified. Only the actual data payload is not encrypted. > > Perhaps similar level of security could be achieved by “the old tools” if they were by default compiled with Kerberos. Although, this still requires building additional infrastructure. > > I must have missed the explanation. But why having a NONE cypher compiled in, but disabled in the configuration is a bad idea? My reasoning for wanting SSH/SCP with NONE is precisely because of the ssh key support. It simplifies a lot to be able to use the same key over a VPN and not over the VPN to connect to the same system. -- Regards, Bryan Drewery
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:00 UTC