It is my understanding that using the NONE cypher is not identical to using
"the old tools" (rsh/rlogin/rcp).
When ssh uses the NONE cypher, credentials and authorization are still encrypted
and verified. Only the actual data payload is not encrypted.
Perhaps a similar level of security could be achieved by "the old tools" if they
were by default compiled with Kerberos. Although, this still requires building
additional infrastructure.
I must have missed the explanation. But why is having a NONE cypher compiled in,
but disabled in the configuration, a bad idea?
Daniel
> On 11.11.2015, at 10:55, Jason Birch <jbirch at jbirch.net> wrote:
>
> On Wed, Nov 11, 2015 at 6:59 PM, John-Mark Gurney <jmg at funkthat.com> wrote:
>> If you have a trusted network, why not just use nc?
>
> Perhaps more generally relevant is that ssh/scp are *waves hands* vaguely
> analogous to secure versions of rsh/rlogin/rcp. I'd think that most cases
> of "I wanted to send files and invoke some commands on a remote machine,
> and due to $CIRCUMSTANCE I don't need or desire encryption" are covered
> by the older, also standard tools. Additionally, rsync can use rsh as its
> transport, for users who desire more advanced behaviour. ssh just seems
> to have more support; Installation will ask you if you'd like to run sshd
> (not rshd), ssh is rather ubiquitous as a way of "doing a thing remotely"
> (even in Windows soon!), etc. This is a good default to have; the
> overhead of security is tiny in nearly all cases.
>
> It would seem then that the extra complexity of maintenance development
> in supporting NONE in base doesn't really grant us any additional
> functionality in most cases. It's just more 'obvious'.