From owner-freebsd-current@FreeBSD.ORG  Sat Oct 18 02:43:51 2014
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id C5EC32D2
 for <freebsd-current@freebsd.org>; Sat, 18 Oct 2014 02:43:51 +0000 (UTC)
Received: from dmz-mailsec-scanner-1.mit.edu (dmz-mailsec-scanner-1.mit.edu
 [18.9.25.12])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 50429B3
 for <freebsd-current@freebsd.org>; Sat, 18 Oct 2014 02:43:50 +0000 (UTC)
X-AuditID: 1209190c-f795e6d000006c66-cd-5441d3dff4dc
Received: from mailhub-auth-2.mit.edu ( [18.7.62.36])
 (using TLS with cipher AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by dmz-mailsec-scanner-1.mit.edu (Symantec Messaging Gateway) with SMTP id
 09.01.27750.FD3D1445; Fri, 17 Oct 2014 22:43:43 -0400 (EDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11])
 by mailhub-auth-2.mit.edu (8.13.8/8.9.2) with ESMTP id s9I2hg2Z005306;
 Fri, 17 Oct 2014 22:43:42 -0400
Received: from multics.mit.edu (system-low-sipb.mit.edu [18.187.2.37])
 (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU)
 by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id s9I2heD7004075
 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT);
 Fri, 17 Oct 2014 22:43:42 -0400
Received: (from kaduk@localhost) by multics.mit.edu (8.12.9.20060308)
 id s9I2heY4008525; Fri, 17 Oct 2014 22:43:40 -0400 (EDT)
Date: Fri, 17 Oct 2014 22:43:39 -0400 (EDT)
From: Benjamin Kaduk <kaduk@MIT.EDU>
To: Ben Woods <woodsb02@gmail.com>
Subject: Re: ssh None cipher
In-Reply-To: <CAOc73CCvQqwg65tt9vs54CoU1HGvV7ZxLWeQwXiSOm8UjtV50w@mail.gmail.com>
Message-ID: <alpine.GSO.1.10.1410172242240.27826@multics.mit.edu>
References: <CAOc73CCvQqwg65tt9vs54CoU1HGvV7ZxLWeQwXiSOm8UjtV50w@mail.gmail.com>
User-Agent: Alpine 1.10 (GSO 962 2008-03-14)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFvrHIsWRmVeSWpSXmKPExsUixG6nonv/smOIwbTD/BZz3nxgspj6/iOr
 A5PHjE/zWTx2zrrLHsAUxWWTkpqTWZZapG+XwJWxbst8toJPrBW3jjxibmC8wtLFyMEhIWAi
 8fB5ZRcjJ5ApJnHh3nq2LkYuDiGB2UwSE9ufs0A4Gxkl1u64COUcYpKY+u0gM0iLkEADo8Sv
 D/wgNouAtsS8W0fYQGw2ARWJmW82gtkiAkoSvRv/sYLYzALyEv+vXGYCsYUFZCTOTfnGDmJz
 CgRKtP27xghi8wo4ShzduYwJYn6AxNFpC8BqRAV0JFbvn8ICUSMocXLmExaImVoSy6dvY5nA
 KDgLSWoWktQCRqZVjLIpuVW6uYmZOcWpybrFyYl5ealFuoZ6uZkleqkppZsYQYHKKcmzg/HN
 QaVDjAIcjEo8vAtOOoYIsSaWFVfmHmKU5GBSEuXlOAsU4kvKT6nMSCzOiC8qzUktPsQowcGs
 JMI7dTJQjjclsbIqtSgfJiXNwaIkzrvpB1+IkEB6YklqdmpqQWoRTFaGg0NJgrfvElCjYFFq
 empFWmZOCUKaiYMTZDgP0PBFIDW8xQWJucWZ6RD5U4zGHC1Nb3uZOO6c/NDLJMSSl5+XKiXO
 WwVSKgBSmlGaBzcNlmxeMYoDPSfMewCkigeYqODmvQJaxQS0asVvB5BVJYkIKakGRocDUz3W
 LpoalZy0bedq+6Xzeqc/6933YqrIqU+dFd/kT049sHzG3+5GxovbOHevvPv6WIdky4Yramf/
 J0sZvStsnfFthoHI7p8+Soc1dxQrNpVcOdU+4dpq8W9VJ6V2+kruf/bCbkGCdWHaRR6OHKa5
 27feUBWbXta+/d2aJW3TmJ5Ef5iuWqepxFKckWioxVxUnAgA5ypZOREDAAA=
Cc: freebsd-current@freebsd.org
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
 <freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-current>, 
 <mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current/>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
 <mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 18 Oct 2014 02:43:51 -0000

On Fri, 17 Oct 2014, Ben Woods wrote:

> Whilst trying to replicate data from my FreeNAS to my FreeBSD home theater
> PC on my local LAN, I came across this bug preventing use of the None
> cipher:
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=163127
>
> I think I could enable the None cipher by recompiling base with a flag in
> /etc/src.conf.

I agree.

> Is there any harm in enabling this by default, but having the None cipher
> remain disabled in /etc/ssh/sshd_config? That way people wouldn't have it
> on my default, but wouldn't have to recompile to enable it.

I do not see any immediate and concrete harm that doing so would cause,
yet that is insufficient for me to think that doing so would be a good
idea.

-Ben