From: Jason Birch
To: John-Mark Gurney
Cc: Ben Woods, Bryan Drewery, Dag-Erling Smørgrav, "freebsd-current@freebsd.org", "freebsd-security@freebsd.org"
Date: Wed, 11 Nov 2015 19:55:35 +1100
Subject: Re: OpenSSH HPN

On Wed, Nov 11, 2015 at 6:59 PM, John-Mark Gurney wrote:
> If you have a trusted network, why not just use nc?

Perhaps more generally relevant is that ssh/scp are *waves hands* vaguely analogous to secure versions of rsh/rlogin/rcp. I'd think that most cases of "I wanted to send files and invoke some commands on a remote machine, and due to $CIRCUMSTANCE I don't need or desire encryption" are covered by the older, also standard tools. Additionally, rsync can use rsh as its transport, for users who desire more advanced behaviour.

ssh just seems to have more support; installation will ask you if you'd like to run sshd (not rshd), ssh is rather ubiquitous as a way of "doing a thing remotely" (even in Windows soon!), etc.
This is a good default to have; the overhead of security is tiny in nearly all cases. It would seem then that the extra complexity of maintenance development in supporting NONE in base doesn't really grant us any additional functionality in most cases. It's just more 'obvious'.