Re: null cipher

From: David Magda (dmagda+usenet@ee.ryerson.ca)
Date: 07/23/02


From: David Magda <dmagda+usenet@ee.ryerson.ca>
Date: 23 Jul 2002 16:43:25 -0400

those who know me have no need of my name <not-a-real-address@usa.net> writes:

> from the number of posts here it would benefit a certain segment of the ssh
> using community. (they would be better served using ldap or kerberos, but
> some people think that ssh should solve all problems.)

I just want to specify that the NULL cipher is a valid option. The
OpenSSH developers have set things up so that it is rejected even
if the administrator asks for it. I understand their reasons, but I
don't like that I can't enforce policy the way I see fit.

I *want* to be able to shoot myself in the foot if I ask for it -
that is the *nix way. :> I understand the risks and am willing to
accept them.

> blowfish is fairly quick. have you tried it?

We use it by default. That and straight DES. It (DES) is secure
enough for our internal needs and fairly quick. Anything from outside
we force Blowfish, Twofish, AES or 3DES for obvious reasons.

> never said it would be easy. ldap or kerberos would be much better than
> trying to wedge ssh into a role it was never designed to fill.

We like SSH and it works well. Just want minimal encryption where
it's not needed.

> then maybe it's time to reconsider the distribution you use.

We have considered all the other distributions. Slackware is the
"best" one for us. All the others use unmanageable packaging systems
to make things more "manageable". Even Debian's wonderful .deb is too
intrusive. <sigh>

-- 
David Magda <dmagda at ee.ryerson.ca>
Because the innovator has for enemies all those who have done well under
the old conditions, and lukewarm defenders in those who may do well 
under the new. -- Niccolo Machiavelli, _The Prince_, Chapter VI


