Re: ssh with no encryption ?

• Previous message: Dimitri Maziuk: "Re: ssh with no encryption ?"
• In reply to: Dimitri Maziuk: "Re: ssh with no encryption ?"
• Next in thread: David Magda: "Re: ssh with no encryption ?"
• Reply: David Magda: "Re: ssh with no encryption ?"
• Reply: Dimitri Maziuk: "Re: ssh with no encryption ?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: those who know me have no need of my name <not-a-real-address@usa.net>
Date: 23 Feb 2003 03:36:27 GMT

in comp.security.ssh i read:
>Bill Unruh sez:

>We use CVS for web/ftp site mirroring and we use SSH to tunnel CVS
>connections. All data in CVS is publically available from our web or
>ftp site. Mirroring with tools like wget or rsync doesn't work for
>us.

i'm surprised by that, rsync should do as well as ftp.

>While encryption overhead is very small, turning encryption off should
>still cut a few minutues off download time.
>
>So here's a legitimate reason to want "cipher=none" back.

but it's a problem in some cases, and the various ssh authors are trying to
keep us safe, even from ourselves -- a pain, true, but if we really cared
that could be changed (worst case yet another ssh project, best case they
each put a safe cipher=none in, sort of middle case popularly maintained
patches).

as an alternative use a kerberos, srp or ssl enabled ftp server and client
with data encryption disabled, or even a kerberos, srp or ssl enabled telnet
server and client (again with encryption disabled) and an in-band transfer
tool like kermit or zmodem.

-- 
bringing you boring signatures for 17 years

• Next message: David Magda: "Re: ssh with no encryption ?"
• Previous message: Dimitri Maziuk: "Re: ssh with no encryption ?"
• In reply to: Dimitri Maziuk: "Re: ssh with no encryption ?"
• Next in thread: David Magda: "Re: ssh with no encryption ?"
• Reply: David Magda: "Re: ssh with no encryption ?"
• Reply: Dimitri Maziuk: "Re: ssh with no encryption ?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages RE: SBS 2003 Premium: how to allow FTP .EXE downloads ... Disable the problematic client XP firewall, ... click to check the "Hide All Microsoft Services" ... Is the FTP server on SBS? ... Download the file from the following URL: ... (microsoft.public.windows.server.sbs) Re: Telnet/ftp problems SBS2000 ... | through the server to get internet access everything works. ... | client uses an internet backup company to backup his really vital data, ... I understand that you cannot use ftp service to ... the connection can be established ... (microsoft.public.windows.server.sbs) Directory Traversal Vulnerabilities in FTP Clients ... Vendors informed individually and through CERT/CC ... FTP clients, including those that may be embedded in web clients, can ... filename that the client requests. ... or the associated CERT vulnerability ... (Bugtraq) [VulnWatch] Directory Traversal Vulnerabilities in FTP Clients ... Vendors informed individually and through CERT/CC ... FTP clients, including those that may be embedded in web clients, can ... filename that the client requests. ... or the associated CERT vulnerability ... (VulnWatch) [NEWS] Directory Traversal Vulnerabilities in FTP Clients ... vulnerable to certain directory traversal attacks by modified FTP servers. ... file/directory permissions and the privilege level of the client. ... A malicious server could potentially overwrite key files to cause a denial ... your vendor, or the associated CERT vulnerability note, if your product is ... (Securiteam)