Subject: Re: switching cipher to none after authentification when data needs no encryption

From: Michel Valin <michel.valin_at_ec.gc.ca>
Date: Fri, 20 Aug 2010 06:58:07 -0400

As I understand it, the "none" cipher turns encryption off from the get-go.

The question remains: how to switch from a strong cipher at authentication
time to no cipher for data transfer.

NoneEnabled+NoneSwitch in the HPN patch does exactly that automatically,
but needs a modified server/client pair.

This is why we use this modified version of ssh. We need
authentication to be protected, but unencrypted data transfers are not
a problem. (Our ssh daemons reject the "none" cipher.)

I was wondering if there was a way to switch encryption off once the
credentials and keys have been exchanged and validated.

It looks as if the "regular" ssh cannot do that, hence this HPN
modification that does it automagically.

Peter Stuge wrote:
> Michel Valin wrote:
>> Is there a way to use this feature (NoneSwitch) with libssh2?
>>
>> Am I missing something in the API?
>
> Not API, but at build time.
>
> $ ./configure --help
> ..
> --enable-crypt-none Permit "none" cipher -- NOT RECOMMENDED
> --enable-mac-none Permit "none" MAC -- NOT RECOMMENDED
>
>
> //Peter
> _______________________________________________
> libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel

-- 
Michel Valin
Responsable, Soutien CHP | Head, HPC support
CHP & Opérations des TI nationales
HPC & National IT Operations
Direction du dirigeant principal de l'information
Chief Information Officer Branch
Environnement Canada | Environment Canada
2121, N. Trans canada, Dorval, QC, CANADA  H9P 1J3
Michel.Valin_at_ec.gc.CA
Téléphone   | Telephone 514-421-4753
Télécopieur | Facsimile 514-421-4703
Gouvernement du Canada | Government of Canada
Entre deux mots, il faut choisir le moindre.
Always choose the shortest of two words.
Paul Valéry
Received on 2010-08-20