[clug] Super Dumb question. Network filesystems... (linux Digest, Vol 88, Issue 35, Message 3)

steve jenkin sjenkin at canb.auug.org.au
Sun Apr 25 21:59:26 MDT 2010

Miles Goodhew wrote on 26/04/10 12:46 PM:
> Carlo,
> On Mon, Apr 26, 2010 at 12:25 PM, Carlo Hamalainen
> <carlo.hamalainen at gmail.com> wrote:
> ...
>> Apparently old versions of openssh had "-e none" that would do what you want.
> ...
> "-e none" is still there, but it refers to the PTY escape character,
> not encryption (Yes, I thought I'd better go off and RTFM incase I'd
> missed something blindingly obvious).
>   There is however a "-c" flag (cipher), which makes no mention of a
> "none" or similar option, just the usual AES, 3DES, blowfish, etc.
>   I can see why you'd want to make it pretty difficult to disable
> encryption as the capability could be used for sly ways (social
> engineering, etc.) of breaking something that says "SECURE shell" on
> the tin. Nevertheless it'd be nice if it could enabled somehow.
> M0les.

OpenSSH has an explicit goal of "secure by default".
They removed 'cipher-none' at the start. (see below)
I haven't been able to find an on-line doc that says exactly why...
Did they decide, Big Brother style, that it was too dangerous for mere
users? The option was removed from the SSH2 standard...

More information about the linux mailing list