ssh None cipher

Allan Jude allanjude at freebsd.org
Sat Oct 18 04:10:23 UTC 2014


On 2014-10-17 22:43, Benjamin Kaduk wrote:
> On Fri, 17 Oct 2014, Ben Woods wrote:
> 
>> Whilst trying to replicate data from my FreeNAS to my FreeBSD home theater
>> PC on my local LAN, I came across this bug preventing use of the None
>> cipher:
>> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=163127
>>
>> I think I could enable the None cipher by recompiling base with a flag in
>> /etc/src.conf.
> 
> I agree.
> 
>> Is there any harm in enabling this by default, but having the None cipher
>> remain disabled in /etc/ssh/sshd_config? That way people wouldn't have it
>> on by default, but wouldn't have to recompile to enable it.
> 
> I do not see any immediate and concrete harm that doing so would cause,
> yet that is insufficient for me to think that doing so would be a good
> idea.
> 
> -Ben
> _______________________________________________
> freebsd-current at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-current
> To unsubscribe, send any mail to "freebsd-current-unsubscribe at freebsd.org"
> 

I've been using openssh-portable from ports with the none cipher patch
to get around this.

IIRC, upstream openssh refuses to merge the none cipher patches "because
you shouldn't do that". But I'd vote for having it compiled in and just
disabled by default.

It will refuse to let you have a shell without encryption, and prints a
big fat hairy warning when encryption is disabled.

-- 
Allan Jude
