If the purpose of having a none cipher is to have a fast
file transfer, then one should be using sysutils/bbcp
for that purpose. Uses ssh for authentication, and
opens unencrypted channel(s) for the actual data transfer.
It's also very fast, can use multiple TCP streams.

  Mark


On 10/18/14 06:10, Allan Jude wrote:
On 2014-10-17 22:43, Benjamin Kaduk wrote:
On Fri, 17 Oct 2014, Ben Woods wrote:

Whilst trying to replicate data from my FreeNAS to my FreeBSD home theater
PC on my local LAN, I came across this bug preventing use of the None
cipher:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=163127

I think I could enable the None cipher by recompiling base with a flag in
/etc/src.conf.

I agree.

Is there any harm in enabling this by default, but having the None cipher
remain disabled in /etc/ssh/sshd_config? That way people wouldn't have it
on by default, but wouldn't have to recompile to enable it.

I do not see any immediate and concrete harm that doing so would cause,
yet that is insufficient for me to think that doing so would be a good
idea.

-Ben
_______________________________________________
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


I've been using openssh-portable from ports with the none cipher patch
to get around this.

IIRC, upstream openssh refuses to merge the none cipher patches "because
you shouldn't do that". But I'd vote for having it compiled in and just
disabled by default.

It will refuse to let you have a shell without encryption, and prints a
big fat hairy warning when encryption is disabled.

