Bug 428333 - should enable cipher "none"
Status: CLOSED WONTFIX
Product: Fedora
Classification: Fedora
Component: openssh
Version: 9
Hardware: All Linux
Priority: low
Severity: medium
Assigned To: Tomas Mraz
QA Contact: Fedora Extras Quality Assurance
Reported: 2008-01-10 16:45 EST by Jonathan Kamens
Modified: 2008-10-01 07:13 EDT
Last Closed: 2008-10-01 07:13:13 EDT
External Trackers: OpenSSH Project 1430

Description Jonathan Kamens 2008-01-10 16:45:09 EST
Several years ago, someone requested in bug #111641 that the "none" cipher be 
enabled, to allow encryption-free SSH connections to be established.

It was closed with WONTFIX, with the comment, "If your computer is fast enough 
to run X, it's fast enough to run arcfour."

I think that comment, and the decision not to support plaintext connections, is 
outdated, and I would like to ask for that decision to be reconsidered.

I tested the data transfer speed when using SSH with the arcfour cipher between 
two servers on a gigabit LAN with 2.4GHz CPUs.  The transfer speed turns out to 
be around 30MB/s.

30MB/s is fine when you're transferring over most WAN connections or when 
you're transferring across a 1Mbit network or even a 10Mbit network.  In these 
scenarios, the SSH transfer speed is still faster than the network speed, so 
SSH introduces no delay in the transmission of the data.

However, gigabit copper is becoming ubiquitous, and even fiber to the desktop 
isn't so uncommon anymore.  Every computer at my company has a gigabit NIC 
plugged into a gigabit switch.  In a gigabit environment, an encrypted SSH 
transfer using 2.4GHz CPUs, which are hardly slow or obsolete, takes 70% less 
time than an unencrypted transfer would take.

When I'm transferring a big chunk of data across my corporate LAN, I don't need 
for the data to be encrypted.  All I need is a way to initiate the connection 
securely.  SSH can provide that, but it sucks big time that after the 
connection is initiated, I have to sit around twiddling my thumbs waiting for a 
transfer that could be going more than three times as fast if it weren't for 
the unnecessary encryption.

Comment 1 Tomas Mraz 2008-01-10 18:24:03 EST
Could you report your findings into the upstream bugzilla?
http://bugzila.mindrot.org/

Comment 2 Jonathan Kamens 2008-01-10 18:47:20 EST
Done, but I hope you will consider fixing this bug even if the OpenSSH team 
declines to do so.

Comment 3 Bug Zapper 2008-05-14 00:44:36 EDT
Changing version to '9' as part of upcoming Fedora 9 GA.
More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Comment 4 Tomas Mraz 2008-10-01 07:13:13 EDT
I am not willing to break security expectances of ssh protocol when upstream decided that they will not do it either.