On Fri, May 21, 2010 12:59, Brandon High wrote: > On Fri, May 21, 2010 at 7:12 AM, David Dyer-Bennet <d...@dd-b.net> wrote: >> >> On Thu, May 20, 2010 19:44, Freddie Cash wrote: >>> And you can always patch OpenSSH with HPN, thus enabling the NONE >>> cipher, >>> which disable encryption for the data transfer (authentication is >>> always >>> encrypted). And twiddle the internal buffers that OpenSSH uses to >>> improve >>> transfer rates, especially on 100 Mbps or faster links. >> >> Ah! I've been wanting that for YEARS. Very glad to hear somebody has >> done it. > > ssh-1 has had the 'none' cipher from day one, though it looks like > openssh has removed it at some point. Fixing the buffers seems to be a > nice tweak though.
I thought I remembered a "none" cipher, but couldn't find it the other year and decided I must have been wrong. I did use ssh-1, so maybe I really WAS remembering after all. >> With the common use of SSH for for moving bulk data (under rsync as >> well), >> this is a really useful idea. Of course one should think about where >> one > > I think there's a certain assumption that using ssh = safe, and by > enabling a none cipher you break that assumption. All of us know > better, but less experienced admins may not. Seems a high price to pay to try to protect idiots from being idiots. Anybody who doesn't understand that "encryption = none" means it's not encrypted and hence not safe isn't safe as an admin anyway. -- David Dyer-Bennet, d...@dd-b.net; http://dd-b.net/ Snapshots: http://dd-b.net/dd-b/SnapshotAlbum/data/ Photos: http://dd-b.net/photography/gallery/ Dragaera: http://dragaera.info _______________________________________________ zfs-discuss mailing list zfs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
