Re: Suggested way to ssh into obsolete devices (with old ssh crypto)?

To: debian-user@lists.debian.org
Subject: Re: Suggested way to ssh into obsolete devices (with old ssh crypto)?
From: Stefan Monnier <monnier@iro.umontreal.ca>
Date: Tue, 06 Jul 2021 23:06:22 -0400
Message-id: <[🔎] jwvmtqysu6q.fsf-monnier+gmane.linux.debian.user@gnu.org>
References: <[🔎] YOQW4Iuhhk8JAkHE@h5.or.at> <[🔎] 20210706125235.GA18955@connexer.com> <[🔎] jwvh7h7toqo.fsf-monnier+gmane.linux.debian.user@gnu.org> <[🔎] YOSHSMVOdUb7MwwL@einval.com> <[🔎] jwv4kd7tm1s.fsf-monnier+gmane.linux.debian.user@gnu.org> <[🔎] 63165f5c-de81-11eb-9b6a-00163eeb5320@msgid.mathom.us> <[🔎] 20210706180511.GA6175@tuxteam.de> <[🔎] 03416ee2-de85-11eb-9b6a-00163eeb5320@msgid.mathom.us> <[🔎] 20210706201844.GB6175@tuxteam.de> <[🔎] jwvsg0rrvtk.fsf-monnier+gmane.linux.debian.user@gnu.org> <[🔎] 20210706215352.GD6175@tuxteam.de>

> I'm aware of that. My critique was specific to the "we take it out
> because it's dangerous to the user" part.

That's often an explanation but not the main motivation.
For the `none` cipher, I think it was, tho.

IIRC the problem was that using the `none` cipher causes the
authentication to be exposed in a way that is worse than using Telnet:
with Telnet you only expose the data you send to the wire, whereas with
SSH's `none` cipher you ended up exposing the data plus your
(valued) credentials.

> I'm torn on this one... Sometimes I've the impression that this leads to
> asocial software (i.e. nobody goes to any effort to make their software
> compatible to reasonable ranges of library (and other dependencies's)
> versions).
> Akin to the Flatpaks and Snaps of this world, perhaps with a less horrible
> dependencies management story).

Indeed, it has its downsides.


        Stefan

Reply to:

Follow-Ups:
- Re: Suggested way to ssh into obsolete devices (with old ssh crypto)?
  - From: <tomas@tuxteam.de>

References:
- Suggested way to ssh into obsolete devices (with old ssh crypto)?
  - From: Ralph Aichinger <ra@pi.h5.or.at>
- Re: Suggested way to ssh into obsolete devices (with old ssh crypto)?
  - From: Roberto C. Sánchez <roberto@debian.org>
- Re: Suggested way to ssh into obsolete devices (with old ssh crypto)?
  - From: Stefan Monnier <monnier@iro.umontreal.ca>
- Re: Suggested way to ssh into obsolete devices (with old ssh crypto)?
  - From: "Andrew M.A. Cater" <amacater@einval.com>
- Re: Suggested way to ssh into obsolete devices (with old ssh crypto)?
  - From: Stefan Monnier <monnier@iro.umontreal.ca>
- Re: Suggested way to ssh into obsolete devices (with old ssh crypto)?
  - From: Michael Stone <mstone@debian.org>
- Re: Suggested way to ssh into obsolete devices (with old ssh crypto)?
  - From: <tomas@tuxteam.de>
- Re: Suggested way to ssh into obsolete devices (with old ssh crypto)?
  - From: Michael Stone <mstone@debian.org>
- Re: Suggested way to ssh into obsolete devices (with old ssh crypto)?
  - From: <tomas@tuxteam.de>
- Re: Suggested way to ssh into obsolete devices (with old ssh crypto)?
  - From: Stefan Monnier <monnier@iro.umontreal.ca>
- Re: Suggested way to ssh into obsolete devices (with old ssh crypto)?
  - From: <tomas@tuxteam.de>

Prev by Date: Re: Help: explanation of secure flash?
Next by Date: Re: apt tells me that grub-efi, grub2-common are no longer needed
Previous by thread: Re: Suggested way to ssh into obsolete devices (with old ssh crypto)?
Next by thread: Re: Suggested way to ssh into obsolete devices (with old ssh crypto)?
Index(es):
- Date
- Thread