Date: Wed, 22 Aug 2001 14:10:19 -0700 (PDT)
From: Matt Dillon <dillon@earth.backplane.com>
To: James Wyatt <jwyatt@rwsystems.net>
Cc: Rob Simmons <rsimmons@wlcg.com>, Matt Piechota <piechota@argolis.org>, Wes Peters <wes@softweyr.com>, "Carroll, D. (Danny)" <Danny.Carroll@mail.ing.nl>, freebsd-security@FreeBSD.ORG
Subject: Re: Silly crackers... NT is for kids...
Message-ID: <200108222110.f7MLAJU78729@earth.backplane.com>
References: <Pine.BSF.4.10.10108211807510.2334-100000@bsdie.rwsystems.net>

:> On Tue, 21 Aug 2001, Matt Piechota wrote:
:> > No No, on the realtime machine controllers (QNX), or OCR nodes that need
:> > all the cpu cycles they can get. I'm talking about the [de|en]crypt on
:> > the remote side, not the PC side. Every bit of performance matters, and
:> > could be the difference between us and someone else getting a contract.
:>
:> There should be a way to configure sshd so that only the username/password
:> exchange is encrypted. The rest of the connection would be unencrypted.
:> You would get some of the benefits of ssh without a constant performance
:> hit.
:
:IMHO, that would be a "bad idea" as it would 1) be easier to insert forged
:command packets after browsing what was going on, 2) break changing your
:password because it could be sniffed at change time, 3) not save *that*
:much CPU for tactical shell sessions, and 4) confuse users who thought SSH
:..

    There is the ability to specify '-c none' (no cipher) to ssh. Our ssh
    does not compile the 'none' cipher in by default but you should be able
    to build the distribution with that feature. I am not sure whether it
    still encrypts passwords or key-exchange when -c none is specified, but
    I do know it doesn't encrypt the data stream once the connection is
    operational.

    Perhaps someone more knowledgeable in regards to ssh can answer the
    question.

                                                -Matt