On 11/11/2015 7:49 AM, Daniel Kalchev wrote: > It is my understanding, that using the NONE cypher is not identical to using > “the old tools” (rsh/rlogin/rcp). > > When ssh uses the NONE cypher, credentials and authorization are still > encrypted and verified. Only the actual data payload is not encrypted. > > Perhaps similar level of security could be achieved by “the old tools” if > they were by default compiled with Kerberos. Although, this still requires > building additional infrastructure. > > I must have missed the explanation. But why having a NONE cypher compiled in, > but disabled in the configuration is a bad idea?
My reasoning for wanting SSH/SCP with NONE is precisely because of the ssh key support. It simplifies a lot to be able to use the same key over a VPN and not over the VPN to connect to the same system. -- Regards, Bryan Drewery
Description: OpenPGP digital signature