On Tue, Dec 14, 1999 at 02:35:05PM -0500, Michael H. Warfield wrote:
> On Tue, Dec 14, 1999 at 04:43:32PM +0100, Markus Friedl wrote:
> > Because passphrase-less hostkeys are 'encrypted' with cipher "none"
> > the code for this cipher is always compiled into the programs.  This
> > way the client is free to choose "none" and no server will complain.
>
>       AFAIK...  The passphrase-less host keys are encrypted with 3-DES
> and no password. [...]

Please look at the source.
E.g. ssh-1.2.12/authfile.c reads:

        int save_private_key(
          [...]
          if (strcmp(passphrase, "") == 0)
            cipher_type = SSH_CIPHER_NONE;

Older versions may have used a real cipher with key "".

Note also that SSH_CIPHER_NONE is also used for 'encryption' before
client and server have exchanged the session-key.

Many of you disagree with me and are saying that this cipher-none
issue is a non-issue.

But once more I would like to point out that this is a security problem in
a wider sense as it affects your security _policy_.  If you decide
to remove telnet/rlogin and configure ssh with '--without-none' you
still have not disabled cleartext logins.  This is not about
buffer overflows or exploits, this is about your security _policy_,
so it is still a security issue.

Moreover, if a third party manages to replace the (unauthenticated)
server messages "I will accept only ciphers IDEA and 3DES" with "I
will accept only cipher NONE" you don't even need a malicious client.

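The policy point in the message above, as an added example that is not part of the original post and is not code from any ssh release: cipher "none" can stay compiled in for key files and the pre-session-key phase while being refused in negotiation on both ends. The cipher numbers follow SSH protocol 1; the function names and the two policy masks are hypothetical.

```c
#include <stdio.h>

/* SSH protocol 1 cipher numbers; the server advertises them as a bitmask. */
enum { SSH_CIPHER_NONE = 0, SSH_CIPHER_IDEA = 1, SSH_CIPHER_DES = 2,
       SSH_CIPHER_3DES = 3, SSH_CIPHER_BLOWFISH = 6 };
#define BIT(c) (1u << (c))

/* Hypothetical policy masks: what may be negotiated for a session,
   kept separate from what happens to be compiled into the binary. */
static const unsigned int server_policy =
    BIT(SSH_CIPHER_IDEA) | BIT(SSH_CIPHER_3DES);
static const unsigned int client_policy =
    BIT(SSH_CIPHER_3DES) | BIT(SSH_CIPHER_BLOWFISH) | BIT(SSH_CIPHER_IDEA);

/* Server side: check the cipher_type the client sent against the
   server's policy, not against the set of compiled-in ciphers. */
int server_accepts(unsigned int policy, int cipher_type)
{
    if (cipher_type < 0 || cipher_type > 31)
        return 0;                     /* outside the 32-bit mask */
    if (cipher_type == SSH_CIPHER_NONE)
        return 0;                     /* never negotiable for a session */
    return (policy & BIT(cipher_type)) != 0;
}

/* Client side: the advertised mask is unauthenticated, so intersect it
   with local policy. Returns -1 (abort the connection) if nothing is left. */
int client_choose(unsigned int advertised, unsigned int policy)
{
    static const int preference[] =
        { SSH_CIPHER_3DES, SSH_CIPHER_BLOWFISH, SSH_CIPHER_IDEA };
    unsigned int usable = advertised & policy & ~BIT(SSH_CIPHER_NONE);
    size_t i;

    for (i = 0; i < sizeof preference / sizeof preference[0]; i++)
        if (usable & BIT(preference[i]))
            return preference[i];
    return -1;
}

int main(void)
{
    /* Constructed input: the advertised mask rewritten in transit to "none only". */
    unsigned int tampered = BIT(SSH_CIPHER_NONE);

    printf("server accepts none: %d\n", server_accepts(server_policy, SSH_CIPHER_NONE));
    printf("client choice, honest mask: %d\n", client_choose(server_policy, client_policy));
    printf("client choice, tampered mask: %d\n", client_choose(tampered, client_policy));
    return 0;
}
```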