On 8/29/19 5:53 PM, Anton Aylward wrote:
On 29/08/2019 20:34, Anton Aylward wrote:
On 29/08/2019 16:06, Lew Wolfgang wrote:
I don't believe that you can use "none" in sshd without enabling it in source and recompiling. There are some patches that do this, but still require recompilation. That's always an option I guess... Please see https://tools.ietf.org/html/rfc4252#page-7
If you run ssh -Q cipher to see what you have, you will NOT see 'none' listed there. This is in accordance with the spec:
5.2. The "none" Authentication Request ... This 'method name' MUST NOT be listed as supported by the server.
But it might well be there, and the rest of that stanza says:
A client may request a list of authentication 'method name' values that may continue by using the "none" authentication 'method name'.
If no authentication is needed for the user, the server MUST return SSH_MSG_USERAUTH_SUCCESS.
More from the spec:
Authentication methods are identified by their name, as defined in [SSH-ARCH]. The "none" method is reserved, and MUST NOT be listed as supported. However, it MAY be sent by the client. The server MUST always reject this request, *unless* the client is to be granted access without any authentication, in which case, the server MUST accept this request.
That's interesting, Anton. But does the Authentication method also govern the cipher used for data in flight encryption? I'll have to try it.

Regards,
Lew
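The RFC 4252 section 5.2 exchange quoted in this thread, as an added example that is not part of the original messages or of OpenSSH: a client builds the "none" authentication request and a server answers it. The `methods` and `no_auth_users` policy inputs are hypothetical; the sketch models only the authentication layer, since cipher names are negotiated separately in the transport layer (RFC 4253) and do not appear in this message.

```python
import struct

# Message numbers defined in RFC 4252
SSH_MSG_USERAUTH_REQUEST = 50
SSH_MSG_USERAUTH_FAILURE = 51
SSH_MSG_USERAUTH_SUCCESS = 52


def ssh_string(data: bytes) -> bytes:
    """Encode an SSH 'string': uint32 length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def read_string(buf: bytes, off: int):
    """Decode one SSH 'string' at off; return (value, next offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("string runs past end of packet")
    return buf[off + 4:end], end


def build_none_request(user: str, service: str = "ssh-connection") -> bytes:
    """Client side: the section 5.2 'none' authentication request."""
    return (bytes([SSH_MSG_USERAUTH_REQUEST]) + ssh_string(user.encode())
            + ssh_string(service.encode()) + ssh_string(b"none"))


def handle_userauth(payload: bytes, methods, no_auth_users=frozenset()) -> bytes:
    """Server side: answer a 'none' request as section 5.2 requires.

    methods and no_auth_users are hypothetical policy inputs for this sketch.
    """
    if not payload or payload[0] != SSH_MSG_USERAUTH_REQUEST:
        raise ValueError("not SSH_MSG_USERAUTH_REQUEST")
    user, off = read_string(payload, 1)
    _service, off = read_string(payload, off)
    method, off = read_string(payload, off)
    if method != b"none":
        raise ValueError("only the 'none' method is modelled here")
    if user.decode("utf-8", "replace") in no_auth_users:
        return bytes([SSH_MSG_USERAUTH_SUCCESS])
    # "none" MUST NOT be listed among the methods that can continue
    names = ",".join(m for m in methods if m != "none").encode()
    # name-list of usable methods, then boolean partial success = FALSE
    return bytes([SSH_MSG_USERAUTH_FAILURE]) + ssh_string(names) + b"\x00"
```

The failure reply is how a client learns which methods can continue, which is why "none" can be requested even though it is never advertised.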