Date: Wed, 11 Nov 2015 08:35:47 -0800 From: Bryan Drewery <bdrewery@FreeBSD.org> Cc: "freebsd-current@freebsd.org" <freebsd-current@freebsd.org>, "freebsd-security@freebsd.org" <freebsd-security@freebsd.org> Subject: Re: OpenSSH HPN Message-ID: <56436E63.6040602@FreeBSD.org> In-Reply-To: <546376BD-A2E7-4B73-904E-4F33DD82401E@digsys.bg> References: <86io5a9ome.fsf@desk.des.no> <20151110175216.GN65715@funkthat.com> <56428C84.8050600@FreeBSD.org> <CAOc73CAHQ0FRPES7GrM6ckkWfgZCS3Se7GFUrDO4pR_EMVSvZQ@mail.gmail.com> <20151111075930.GR65715@funkthat.com> <CAA=KUhs9g9gajxwLFBgn2nNhnn4oQSZ56FRVC%2BPde4ZZO=g7Ug@mail.gmail.com> <546376BD-A2E7-4B73-904E-4F33DD82401E@digsys.bg>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --0NftXeGS1e7L1mSFECsQOT4qGKO5al7wb Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 11/11/2015 7:49 AM, Daniel Kalchev wrote: > It is my understanding, that using the NONE cypher is not identical to = using =E2=80=9Cthe old tools=E2=80=9D (rsh/rlogin/rcp). >=20 > When ssh uses the NONE cypher, credentials and authorization are still = encrypted and verified. Only the actual data payload is not encrypted. >=20 > Perhaps similar level of security could be achieved by =E2=80=9Cthe old= tools=E2=80=9D if they were by default compiled with Kerberos. Although,= this still requires building additional infrastructure. >=20 > I must have missed the explanation. But why having a NONE cypher compil= ed in, but disabled in the configuration is a bad idea? My reasoning for wanting SSH/SCP with NONE is precisely because of the ssh key support. It simplifies a lot to be able to use the same key over a VPN and not over the VPN to connect to the same system. --=20 Regards, Bryan Drewery --0NftXeGS1e7L1mSFECsQOT4qGKO5al7wb Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBAgAGBQJWQ25oAAoJEDXXcbtuRpfPdg8IALC3wjzLDfdF13s1E3/RHhOm WkfcX1LSeY3LaaODM3nJKh7eTBNzHNAGn0SHzF+2rvghFXNPKAuaFLrl1sIAlC2Y b/5HPnAay3Y4Iy7NPbtnRz7uKPzmNt5okN5Wa604UshiUWvh72HV6IbJtBHGSiJt J/gnhqac1NN4zhMaW4YQB6MsVZB9qgCHY4Q43RQId02aEJyy7LcULf/vSFSKjFxa P2xBJZ465nnUYsxY1dQ2ZKQMIQkxRwoxtJE6VOjU06EQT3JlhubKSMKuzjUjHlr8 rke47xBbuaiqHlncaMn5ITXRpOUZpYeXZao+1aNfsjHzxFaat0cY1W2M1dYWfQw= =FB2X -----END PGP SIGNATURE----- --0NftXeGS1e7L1mSFECsQOT4qGKO5al7wb--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?56436E63.6040602>