Re: How do I turn off encryption in ssh
From: Richard E. Silverman (res_at_qoxp.net)
Date: 06/06/04
- Next message: Nico Kadel-Garcia: "Re: VerifyReverseMapping=no but sshd still attempting reverse DNS"
- Previous message: Per Hedeland: "Re: Password method and PAM : difference between 3.6.1 and 3.8.1"
- In reply to: Bill Unruh: "Re: How do I turn off encryption in ssh"
- Next in thread: Mohit Aron: "Re: How do I turn off encryption in ssh"
- Reply: Mohit Aron: "Re: How do I turn off encryption in ssh"
Date: 05 Jun 2004 18:49:18 -0400
>>>>> "BU" == Bill Unruh <unruh@string.physics.ubc.ca> writes:
BU> aron@cs.rice.edu (Mohit Aron) writes:
BU> ]Hello,
BU> ]I'm wondering how to turn off encryption when using ssh. I'm using
BU> ]version 3.8.1p1 of openssh on Linux. It seems this version doesn't
BU> ]support the '-c none' option.
BU> Why would you want to? That is the whole purpose of ssh. Otherwise
BU> use telnet.
You have made this claim before, and it continues to be simplistic and
false. The SSH protocol serves more purposes than just data privacy, and
people's requirements vary. To quote an earlier response of mine on the
topic:
Date: 13 Dec 2003 00:35:17 -0500
From: Richard E.Silverman <res@qoxp.net>
Newsgroups: comp.security.ssh
Subject: Re: OpenSSH Using NONE as Cipher?
>>>>> "BU" == Bill Unruh <unruh@string.physics.ubc.ca> writes:
BU> ??? What is the point of using ssh or scp without a cypher? Just
BU> use ftp, or rcp or whatever. It is NOT secure.
This point of view is much too simplistic; a connection is not just
"secure" or "not secure" as if flipping a light switch. An SSH-2
connection using a null encryption cipher still has:
- server authentication and man-in-the-middle attack protection
(i.e. you know who you're talking to)
- cryptographically assured integrity protection (i.e. you know the data
is passed unchanged from one end to the other)
- strong client authentication (assuming obvious mistakes aren't made,
such as using password authentication over an unencrypted connection --
most implementations disallow this)
So, if you don't care about privacy, but do care about these other
properties, then using SSH with a null encryption cipher makes perfect
sense. Similar motivations are behind the existence of AH mode in IPSec
as well as ESP. In particular, it makes *no* sense to compare unencrypted
SSH with "FTP, or rcp, or whatever;" these are entirely different.
--
Richard Silverman
res@qoxp.net
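
Added example, not part of the original post: SSH-2 binary packet framing with cipher "none" and hmac-sha1, showing that the payload is readable on the wire while a modified or re-sequenced packet is still rejected. The key, payload and function names are constructed for the illustration, and each byte string is assumed to hold exactly one packet.

```python
import hashlib
import hmac
import os
import struct

BLOCK = 8      # with cipher "none", packets are padded to a multiple of 8 bytes
MAC_LEN = 20   # hmac-sha1 digest size

def _mac(key: bytes, seq: int, packet: bytes) -> bytes:
    # The MAC covers the implicit 32-bit sequence number plus the whole packet.
    return hmac.new(key, struct.pack(">I", seq) + packet, hashlib.sha1).digest()

def build_packet(payload: bytes, seq: int, key: bytes) -> bytes:
    """Frame one packet: length, padding length, payload, random padding, MAC."""
    pad = BLOCK - (5 + len(payload)) % BLOCK
    if pad < 4:                      # the protocol requires at least 4 padding bytes
        pad += BLOCK
    packet = struct.pack(">IB", 1 + len(payload) + pad, pad) + payload + os.urandom(pad)
    return packet + _mac(key, seq, packet)   # cipher "none": packet is sent as-is

def read_packet(wire: bytes, seq: int, key: bytes) -> bytes:
    """Check the MAC for the expected sequence number, then return the payload."""
    if len(wire) < 5 + 4 + MAC_LEN:
        raise ValueError("short packet")
    packet, mac = wire[:-MAC_LEN], wire[-MAC_LEN:]
    if not hmac.compare_digest(mac, _mac(key, seq, packet)):
        raise ValueError("MAC mismatch")
    length, pad = struct.unpack(">IB", packet[:5])
    if length != len(packet) - 4 or not 4 <= pad <= length - 1:
        raise ValueError("bad framing")
    return packet[5:4 + length - pad]

def rejected(wire: bytes, seq: int, key: bytes) -> bool:
    try:
        read_packet(wire, seq, key)
        return False
    except ValueError:
        return True

def demo() -> dict:
    key = b"\x11" * 20               # constructed; real keys come from the key exchange
    payload = b"uptime\n"            # constructed sample payload
    wire = build_packet(payload, 7, key)
    tampered = wire.replace(b"uptime", b"reboot")
    return {
        "readable_on_wire": payload in wire,             # no privacy
        "accepted": read_packet(wire, 7, key) == payload,
        "tamper_rejected": rejected(tampered, 7, key),   # integrity holds
        "replay_rejected": rejected(wire, 8, key),       # wrong sequence number
    }
```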