ssh None cipher

Mark Martinec Mark.Martinec+freebsd at
Sat Oct 18 10:54:47 UTC 2014

If the purpose of having a none cipher is to have a fast
file transfer, then one should be using  sysutils/bbcp
for that purposes. Uses ssd for authentication, and
opens unencrypted channel(s) for the actual data transfer.
It's also very fast, can use multiple TCP streams.


On 10/18/14 06:10, Allan Jude wrote:
> On 2014-10-17 22:43, Benjamin Kaduk wrote:
>> On Fri, 17 Oct 2014, Ben Woods wrote:
>>> Whilst trying to replicate data from my FreeNAS to my FreeBSD home theater
>>> PC on my local LAN, I came across this bug preventing use of the None
>>> cipher:
>>> I think I could enable the None cipher by recompiling base with a flag in
>>> /etc/src.conf.
>> I agree.
>>> Is there any harm in enabling this by default, but having the None cipher
>>> remain disabled in /etc/ssh/sshd_config? That way people wouldn't have it
>>> on my default, but wouldn't have to recompile to enable it.
>> I do not see any immediate and concrete harm that doing so would cause,
>> yet that is insufficient for me to think that doing so would be a good
>> idea.
>> -Ben
>> _______________________________________________
>> freebsd-current at mailing list
>> To unsubscribe, send any mail to "freebsd-current-unsubscribe at"
> I've been using openssh-portable from ports with the none cipher patch
> to get around this.
> IIRC, upstream openssh refuses to merge the none cipher patches "because
> you shouldn't do that". But I'd vote for having it compiled in and just
> disabled by default.
> It will refuse to let you have a shell without encryption, and prints a
> big fat hairy warning when encryption is disabled.

More information about the freebsd-current mailing list