[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Suggested way to ssh into obsolete devices (with old ssh crypto)?

> I'm aware of that. My critique was specific to the "we take it out
> because it's dangerous to the user" part.

That's often an explanation but not the main motivation.
For the `none` cipher, I think it was, tho.

IIRC the problem was that using the `none` cipher causes the
authentication to be exposed in a way that is worse than using Telnet:
with Telnet you only expose the data you send to the wire, whereas with
SSH's `none` cipher you ended up exposing the data plus your
(valued) credentials.

> I'm torn on this one... Sometimes I've the impression that this leads to
> asocial software (i.e. nobody goes to any effort to make their software
> compatible to reasonable ranges of library (and other dependencies's)
> versions).
> Akin to the Flatpaks and Snaps of this world, perhaps with a less horrible
> dependencies management story).

Indeed, it has its downsides.


Reply to: