Unencrypted SSH

I use OpenSSH on my home network. But the machines aren't really fast enough to do strong encryption for remotely displayed X applications. This patch lets you specify the cipher 'none' when connecting:

diff -ru openssh-3.0.2p1/cipher.c openssh-3.0.2p1-new/cipher.c
--- openssh-3.0.2p1/cipher.c	Fri Sep 14 03:47:34 2001
+++ openssh-3.0.2p1-new/cipher.c	Wed Feb 13 15:15:04 2002
@@ -419,6 +419,7 @@
 	u_int mask = 0;
 	mask |= 1 << SSH_CIPHER_3DES;           /* Mandatory */
 	mask |= 1 << SSH_CIPHER_BLOWFISH;
+	mask |= 1 << SSH_CIPHER_NONE;
 	if (client) {
 		mask |= 1 << SSH_CIPHER_DES;
 	}
@@ -459,7 +460,9 @@
 	for ((p = strsep(&cp, CIPHER_SEP)); p && *p != '\0';
 	     (p = strsep(&cp, CIPHER_SEP))) {
 		c = cipher_by_name(p);
-		if (c == NULL || c->number != SSH_CIPHER_SSH2) {
+		/* SSH_CIPHER_NONE can be used by both protocol 1 and 2 */
+		if (c == NULL || (c->number != SSH_CIPHER_SSH2
+				  && c->number != SSH_CIPHER_NONE)) {
 			debug("bad cipher %s [%s]", p, names);
 			xfree(ciphers);
 			return 0;

    
Download patch against openssh-3.0.2p1

Update: this patch is now against openssh-3.0.2p1, although it should apply cleanly to some earlier versions. Now both the versions of the ssh protocol (1 and 2) will accept none. When using ssh protocol 1 with -c none and entering a password, you will be warned that the password will be sent in plain text. However with protocol version 2 and no encryption, plain text passwords are prompted for and sent without warning. If you are concerned about this I recommend removing the second part of the patch, or else adding another patch to disable password prompting entirely for SSH2 connections (remove the 'password' authmethod in sshconnect2.c).

If anyone knows how to add a warning message in userauth_passwd() depending on what encryption system is chosen, please let me know. I couldn't work it out.


Edward Avis
Last modified: Wed Feb 13 15:25:10 GMT 2002