ssh None cipher

Mark Martinec Mark.Martinec+freebsd at ijs.si
Sat Oct 18 10:54:47 UTC 2014


If the purpose of having a none cipher is to have a fast
file transfer, then one should be using  sysutils/bbcp
for that purposes. Uses ssd for authentication, and
opens unencrypted channel(s) for the actual data transfer.
It's also very fast, can use multiple TCP streams.

   Mark


On 10/18/14 06:10, Allan Jude wrote:
> On 2014-10-17 22:43, Benjamin Kaduk wrote:
>> On Fri, 17 Oct 2014, Ben Woods wrote:
>>
>>> Whilst trying to replicate data from my FreeNAS to my FreeBSD home theater
>>> PC on my local LAN, I came across this bug preventing use of the None
>>> cipher:
>>> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=163127
>>>
>>> I think I could enable the None cipher by recompiling base with a flag in
>>> /etc/src.conf.
>>
>> I agree.
>>
>>> Is there any harm in enabling this by default, but having the None cipher
>>> remain disabled in /etc/ssh/sshd_config? That way people wouldn't have it
>>> on my default, but wouldn't have to recompile to enable it.
>>
>> I do not see any immediate and concrete harm that doing so would cause,
>> yet that is insufficient for me to think that doing so would be a good
>> idea.
>>
>> -Ben
>> _______________________________________________
>> freebsd-current at freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-current
>> To unsubscribe, send any mail to "freebsd-current-unsubscribe at freebsd.org"
>>
>
> I've been using openssh-portable from ports with the none cipher patch
> to get around this.
>
> IIRC, upstream openssh refuses to merge the none cipher patches "because
> you shouldn't do that". But I'd vote for having it compiled in and just
> disabled by default.
>
> It will refuse to let you have a shell without encryption, and prints a
> big fat hairy warning when encryption is disabled.
>



More information about the freebsd-current mailing list