Bug 111641 - cipher none request
Status: CLOSED WONTFIX
Product: Fedora
Classification: Fedora
Component: openssh
1
All Linux
medium Severity medium
Assigned To: Nalin Dahyabhai
http://membled.com/work/patches/openssh/
: FutureFeature
Reported: 2003-12-07 09:59 EST by Maciej Żenczykowski
Modified: 2007-11-30 17:10 EST
Doc Type: Enhancement
Last Closed: 2004-08-25 14:11:53 EDT
Description Maciej Żenczykowski 2003-12-07 09:59:39 EST
Version-Release number of selected component
(although not really applicable):
openssh-3.6.1p2-19

Description of problem:
It would be useful to support cipher 'none'; this is useful for local
secure network X forwarding (not all computers are fast enough to
support real time X with ciphers enabled) and for scp of non-vital
files.  I.e. authentication could be ciphered, but the actual data
could be sent in the clear.

This is probably just a matter of applying something like the
following patch.  The cipher still needs to be selected on the
command line - but that's just fine.

diff -ru openssh-3.0.2p1/cipher.c openssh-3.0.2p1-new/cipher.c
--- openssh-3.0.2p1/cipher.c	Fri Sep 14 03:47:34 2001
+++ openssh-3.0.2p1-new/cipher.c	Wed Feb 13 15:15:04 2002
@@ -419,6 +419,7 @@
 	u_int mask = 0;
 	mask |= 1 << SSH_CIPHER_3DES;           /* Mandatory */
 	mask |= 1 << SSH_CIPHER_BLOWFISH;
+	mask |= 1 << SSH_CIPHER_NONE;
 	if (client) {
 		mask |= 1 << SSH_CIPHER_DES;
 	}
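Review bot: the added "mask |= 1 << SSH_CIPHER_NONE;" sits outside the "if (client)" block, so the no-encryption cipher is placed in the mask unconditionally for both sides, whereas even SSH_CIPHER_DES is only added when "client" is set. Suggest making this bit conditional on an explicit opt-in rather than setting it by default, and adding a comment next to it (as 3DES has with "Mandatory") stating that this entry disables confidentiality for the session data.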
@@ -459,7 +460,9 @@
 	for ((p = strsep(&cp, CIPHER_SEP)); p && *p != '\0';
 	     (p = strsep(&cp, CIPHER_SEP))) {
 		c = cipher_by_name(p);
-		if (c == NULL || c->number != SSH_CIPHER_SSH2) {
+		/* SSH_CIPHER_NONE can be used by both protocol 1 and 2 */
+		if (c == NULL || (c->number != SSH_CIPHER_SSH2
+				  && c->number != SSH_CIPHER_NONE)) {
 			debug("bad cipher %s [%s]", p, names);
 			xfree(ciphers);
 			return 0;
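Review bot: the widened test "c->number != SSH_CIPHER_SSH2 && c->number != SSH_CIPHER_NONE" lets a cipher list containing the none cipher pass validation silently, while a rejected name at least produces the "bad cipher" debug message. Suggest logging when SSH_CIPHER_NONE is accepted so an unencrypted session leaves a trace, and deciding explicitly whether it may appear alongside real ciphers in the same list or only on its own. The new comment says the cipher "can be used by both protocol 1 and 2" but does not say why accepting it here is safe; that rationale should be documented with the change.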
Comment 1 Damien Miller 2004-08-24 21:01:26 EDT
I recommend against this. See discussion on openssh-unix-dev@ mailing
list for details.

If your computer is fast enough to run X apps, then it is fast enough
to run a lightweight cipher, such as arcfour.
Comment 2 Maciej Żenczykowski 2004-08-25 14:11:53 EDT
Didn't know about the arcfour cipher, maybe it should be mentioned
somewhere (like in the man page next to -c)?  How is arcfour
comparable in speed to 'none'?
