OpenSSH HPN
Bryan Drewery
bdrewery at FreeBSD.org
Wed Nov 11 16:36:00 UTC 2015
On 11/11/2015 7:49 AM, Daniel Kalchev wrote:
> It is my understanding, that using the NONE cypher is not identical to using “the old tools” (rsh/rlogin/rcp).
>
> When ssh uses the NONE cypher, credentials and authorization are still encrypted and verified. Only the actual data payload is not encrypted.
>
> Perhaps a similar level of security could be achieved by “the old tools” if they were by default compiled with Kerberos. Although, this still requires building additional infrastructure.
>
> I must have missed the explanation. But why is having a NONE cypher compiled in, but disabled in the configuration, a bad idea?
My reasoning for wanting SSH/SCP with NONE is precisely because of the
ssh key support. It simplifies a lot to be able to use the same key over
a VPN and not over the VPN to connect to the same system.
--
Regards,
Bryan Drewery