Re: ssh with no encryption ?

From: David Magda (dmagda+netnews@ee.ryerson.ca)
Date: 02/23/03

• Next message: James Van't Slot: "ssh as replacement for PPTP?"
• Previous message: those who know me have no need of my name: "Re: ssh with no encryption ?"
• In reply to: those who know me have no need of my name: "Re: ssh with no encryption ?"
• Next in thread: Darren Tucker: "Re: ssh with no encryption ?"
• Reply: Darren Tucker: "Re: ssh with no encryption ?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: David Magda <dmagda+netnews@ee.ryerson.ca>
Date: 23 Feb 2003 11:35:25 -0500

those who know me have no need of my name <not-a-real-address@usa.net> writes:
[...]
> but it's a problem in some cases, and the various ssh authors are
> trying to keep us safe, even from ourselves -- a pain, true, but if
> we really cared that could be changed (worst case yet another ssh
> project, best case they each put a safe cipher=none in, sort of
> middle case popularly maintained patches).
[...]

If I want to shoot myself in the foot I should be able to. At least
have a compile-time option (disabled by default) where it's possible
to allow cipher=none.

There have been situations where I wanted to use ssh but without
encryption. Mostly where rsh(1) has been disabled but ssh(1) has not
and I want to login without passwords: of course one of the machines
was a Sparc5 (80Mhz) and encryption really slowed things down (X11
forwarding).

Shouldn't policy be separated from mechanism?

-- 
David Magda <dmagda at ee.ryerson.ca>
Because the innovator has for enemies all those who have done well under
the old conditions, and lukewarm defenders in those who may do well 
under the new. -- Niccolo Machiavelli, _The Prince_, Chapter VI

---

• Next message: James Van't Slot: "ssh as replacement for PPTP?"
• Previous message: those who know me have no need of my name: "Re: ssh with no encryption ?"
• In reply to: those who know me have no need of my name: "Re: ssh with no encryption ?"
• Next in thread: Darren Tucker: "Re: ssh with no encryption ?"
• Reply: Darren Tucker: "Re: ssh with no encryption ?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: [fw-wiz] Do you permit X11 via proxy firewall? ... that's what 'ssh -X' is for. ... At least does it better as packet filtering rules are static. ... remember, just becouse everyone is doing it, it may not be safe. ... tunnel it through SSH then it's safe' ... (Firewall-Wizards) Re: Intruders good job -- Change my root password ... there is no way to be sure you are safe. ... >> ftp isn't too bad, if you set it up in a chroot jail, but they can be ... >ssh may the better to sftp, but I don't know how to use it. ... scp and sftp. ... (comp.os.linux.security) Re: Firewall security: Re: Problems with simple Samba file share ... Then why bother allowing ssh? ... For the time you have to go to china at a moment's notice (hey, ... Ssh is safe - that's the whole point of it. ... Refusing to use a safe thing sometimes is silly. ... (comp.os.linux.misc) Re: Security basics ... can detect ssh implementations since they normally self-identify. ... if you're running ssh on the normal port, ... If you're the only one who ever SSHes into your system, set it up to use public key authentication only and always walk around with a thumbdrive that has your private key on it. ... yes, if you have "passwords that are safe for an hour," your computer is safe -- for 1 hour. ... (Fedora) Re: [fw-wiz] Communication Device Protocols from External router directthrough Firewall ... TACACS is not. ... will get to SSH in a second)? ... or ACS should be on a DMZ ... Im sorry but why would you even say this as encryption between the firewall ... (Firewall-Wizards)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > comp.security.ssh  > 2003-02