Red Hat Bugzilla – Full Text Bug Listing
|Summary:||should enable cipher "none"|
|Product:||[Fedora] Fedora||Reporter:||Jonathan Kamens <jik>|
|Component:||openssh||Assignee:||Tomas Mraz <tmraz>|
|Status:||CLOSED WONTFIX||QA Contact:||Fedora Extras Quality Assurance <extras-qa>|
|Doc Type:||Bug Fix||Last Closed:||2008-10-01 07:13:13 EDT|
Description Jonathan Kamens 2008-01-10 16:45:09 EST
Several years ago, someone requested in bug #111641 that the "none" cipher be enabled, to allow encryption-free SSH connections to be established. It was closed with WONTFIX, with the comment, "If your computer is fast enough to run X, it's fast enough to run arcfour." I think that comment, and the decision not to support plaintext connections, is outdated, and I would like to ask for that decision to be reconsidered.

I tested the data transfer speed when using SSH with the arcfour cipher between two servers on a gigabit LAN with 2.4GHz CPUs. The transfer speed turns out to be around 30MB/s. 30MB/s is fine when you're transferring over most WAN connections or when you're transferring across a 1Mbit network or even a 10Mbit network. In these scenarios, the SSH transfer speed is still faster than the network speed, so SSH introduces no delay in the transmission of the data.

However, gigabit copper is becoming ubiquitous, and even fiber to the desktop isn't so uncommon anymore. Every computer at my company has a gigabit NIC plugged into a gigabit switch. In a gigabit environment, an encrypted SSH transfer using 2.4GHz CPUs, which are hardly slow or obsolete, takes 70% less time than an unencrypted transfer would take.

When I'm transferring a big chunk of data across my corporate LAN, I don't need for the data to be encrypted. All I need is a way to initiate the connection securely. SSH can provide that, but it sucks big time that after the connection is initiated, I have to sit around twiddling my thumbs waiting for a transfer that could be going more than three times as fast if it weren't for the unnecessary encryption.
Comment 1 Tomas Mraz 2008-01-10 18:24:03 EST
Could you report your findings into the upstream bugzilla? http://bugzila.mindrot.org/
Comment 2 Jonathan Kamens 2008-01-10 18:47:20 EST
Done, but I hope you will consider fixing this bug even if the OpenSSH team declines to do so.
Comment 3 Bug Zapper 2008-05-14 00:44:36 EDT
Changing version to '9' as part of upcoming Fedora 9 GA. More information and reason for this action is here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 4 Tomas Mraz 2008-10-01 07:13:13 EDT
I am not willing to break the security expectations of the ssh protocol when upstream decided that they will not do it either.