Date: Fri, 2 Dec 2011 15:42:59 -0800 From: Freddie Cash <fjwcash@gmail.com> To: Jeremy Chadwick <freebsd@jdc.parodius.com> Cc: stable@freebsd.org Subject: Re: r228152: anyone got the None cipher working with base OpenSSH? Message-ID: <CAOjFWZ4u5YRBc-qUMTLZ3jDqa6U%2BKxa%2B0wvSNuouAN3pweZE8Q@mail.gmail.com> In-Reply-To: <20111202233930.GA43590@icarus.home.lan> References: <CAOjFWZ4W1=TbLuMhi17shuYaNbGq18N1DWYLXiyiJ72gOM_6qA@mail.gmail.com> <20111202233220.GA43495@icarus.home.lan> <20111202233930.GA43590@icarus.home.lan>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Dec 2, 2011 at 3:39 PM, Jeremy Chadwick <freebsd@jdc.parodius.com>wrote: > You also need to read README.hpn to understand fully how to get None > cipher to work from the server AND client side, *AND* what the limits > and caveats are. There are changes you need to make to > /etc/ssh/sshd_config, and there are *multiple* -o switches you will need > to use with the client (e.g. ssh -oCipher=none -oNoneEnabled=yes > -oNoneSwitch=yes). If the WARNING message that is output to stderr > bothers you, use -T. > Yeah, I've gone over all that. We've been using the HPN patches and None cipher via openssh-portable from ports for a couple years now. Noticed the HPN patches were added to the base OpenSSH, though, and thought I could use that instead of the ports version, and ran into the "no None cipher" issue. Thanks to the gentle prodding of Bjoern, I see that I missed the mention of CFLAGS in the commit message, which is why it wasn't working for me. :) I'm going to go with over-excitement due to too much coffee for this one. :) I'm testing out the make.conf snippet you posted now. -- Freddie Cash fjwcash@gmail.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAOjFWZ4u5YRBc-qUMTLZ3jDqa6U%2BKxa%2B0wvSNuouAN3pweZE8Q>