Date: Sat, 18 Oct 2014 00:10:28 -0400 From: Allan Jude <allanjude@freebsd.org> To: freebsd-current@freebsd.org Subject: Re: ssh None cipher Message-ID: <5441E834.2000906@freebsd.org> In-Reply-To: <alpine.GSO.1.10.1410172242240.27826@multics.mit.edu> References: <CAOc73CCvQqwg65tt9vs54CoU1HGvV7ZxLWeQwXiSOm8UjtV50w@mail.gmail.com> <alpine.GSO.1.10.1410172242240.27826@multics.mit.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --8orAXqGSb5FtwfURkCEjVSwKt5TWSr1Bo Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable On 2014-10-17 22:43, Benjamin Kaduk wrote: > On Fri, 17 Oct 2014, Ben Woods wrote: >=20 >> Whilst trying to replicate data from my FreeNAS to my FreeBSD home the= ater >> PC on my local LAN, I came across this bug preventing use of the None >> cipher: >> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D163127 >> >> I think I could enable the None cipher by recompiling base with a flag= in >> /etc/src.conf. >=20 > I agree. >=20 >> Is there any harm in enabling this by default, but having the None cip= her >> remain disabled in /etc/ssh/sshd_config? That way people wouldn't have= it >> on my default, but wouldn't have to recompile to enable it. >=20 > I do not see any immediate and concrete harm that doing so would cause,= > yet that is insufficient for me to think that doing so would be a good > idea. >=20 > -Ben > _______________________________________________ > freebsd-current@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-current > To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.o= rg" >=20 I've been using openssh-portable from ports with the none cipher patch to get around this. IIRC, upstream openssh refuses to merge the none cipher patches "because you shouldn't do that". But I'd vote for having it compiled in and just disabled by default. It will refuse to let you have a shell without encryption, and prints a big fat hairy warning when encryption is disabled. --=20 Allan Jude --8orAXqGSb5FtwfURkCEjVSwKt5TWSr1Bo Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQIcBAEBAgAGBQJUQeg3AAoJEJrBFpNRJZKfiGcQAKoEo0vJ2YvTo6MX45A+L//y s1jWcMQaESoZ8oxkKcAVI2yic1xFKrNSru4g0/m9awO4KuGjrnx/guy0DK+x7Ge3 B/HqAGIKZFuYbsPnxQhxLF8jpjxudbMPM/RO1Qr1KcqQuGwInR6OHjt+c8Yif6r1 0pLayFB69m6eCdUfGEBmdznl43jlhZWhABk4pj7rTq6zO/IhbiEX6vaAHwqIsRj2 3jFr2PL4roH49VvyKfNO7k3bNJO1mekaJ0YPtWJJigxJeBVzWfay2/sJr2urwnhk MNbr8fQ5zqiN2oJaZYA1q8pkaUSCsrqhk5iBgLJRucYXTKo0L+3pEPTv7bN0ozZW 0hi/wry1JuYZrj3oEKWzHqfVytVwg7WIOcqVxMu/m0JaV9GHv0+fNxoBQ71LWhiH Pb0VgBK06Xzx9zrhgtHRPG4QP5zxcaZXijiiDsNEcpgZYR2Hv2Sra7Yd0MUrj+eI flyR9ycw8bCnKoG8cobHU2qDyfe7uKA4BFNlmobd5VkLcig5zHr0eXxEcBa/5uYM blHA3bRKyNNXmDmK65prvItWhtPdrH+MTwPbe86AfYe2xyzi3kiRp08bjEYwCaXC f/QAe63ugfblWJ+Czdx52hpN82BLK5ZFhf7r9hEcZ/mAGjesbx31YjWh4IaRj/nE bXf1K0tMZAbUmbA3ebiA =Dkz8 -----END PGP SIGNATURE----- --8orAXqGSb5FtwfURkCEjVSwKt5TWSr1Bo--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5441E834.2000906>