On 11/11/2015 7:49 AM, Daniel Kalchev wrote:
> It is my understanding, that using the NONE cypher is not identical to using 
> “the old tools” (rsh/rlogin/rcp).
> When ssh uses the NONE cypher, credentials and authorization are still 
> encrypted and verified. Only the actual data payload is not encrypted.
> Perhaps similar level of security could be achieved by “the old tools” if 
> they were by default compiled with Kerberos. Although, this still requires 
> building additional infrastructure.
> I must have missed the explanation. But why having a NONE cypher compiled in, 
> but disabled in the configuration is a bad idea?

My reasoning for wanting SSH/SCP with NONE is precisely because of the
ssh key support. It simplifies a lot to be able to use the same key over
a VPN and not over the VPN to connect to the same system.

Bryan Drewery

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to