Date: Fri, 2 Dec 2011 17:22:57 -0800
From: Jeremy Chadwick
To: Adam Vande More
Cc: stable@freebsd.org
Subject: Re: r228152: anyone got the None cipher working with base OpenSSH?
Message-ID: <20111203012257.GA44866@icarus.home.lan>
References: <20111202233220.GA43495@icarus.home.lan> <20111202233930.GA43590@icarus.home.lan>
List-Id: Production branch of FreeBSD source code

On Fri, Dec 02, 2011 at 05:51:03PM -0600, Adam Vande More wrote:
> On Fri, Dec 2, 2011 at 5:39 PM, Jeremy Chadwick wrote:
>
> > If the WARNING message that is output to stderr
> > bothers you, use -T.
> >
>
> This says -T disables the NONE cipher:
>
> http://www.psc.edu/networking/projects/hpn-ssh/none.php
>
> I haven't looked at current patches so maybe doesn't apply.

No, you're correct -- use of -T disables the none cipher. I only checked
actual packets (for plain-text) with tcpdump when testing the above
**without** -T. I found that -T disabled the warning message; well duh,
because it disables the none cipher.

TL;DR -- my above message ("use -T to disable the warning") is
absolutely wrong.

The WARNING message to stderr, when a tty is allocated, cannot be
disabled to my knowledge -- the -n flag should inhibit it, and I imagine
this is intentional so that admins can use -oCipher=none for backups on
LANs, etc..

--
| Jeremy Chadwick                                jdc at parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                   Mountain View, CA, US |
| Making life hard for others since 1977.               PGP 4BD6C0CB |