Re: “Stripped-down” SSH (no encryption or authentication, just forwarding)

On Wed, 16 Oct 2019, Peter Moody wrote:

> > Would a dedicated protocol, such as yamux, be better for this than
> > SSH?
>
> I suspect you're more likely to get a yamux tool working than convince
> the openssh maintainers to add a "-oCiphers=none"

Yeah, this comes up from time to time.

Our position is unchanged - OpenSSH is a secure, encrypted login (etc.)
system and offering an unencrypted mode is contrary to our product
philosophy. Others are welcome to (and do) add it; it's only a few lines
to change.

BTW we had already made this decision before the world saw
http://www.mindrot.org/junk/ssl-here.jpg and we're even more firm now.

If you want to use OpenSSH for your use-case, consider selecting either
a fast software implemented cipher like chacha20-poly1305 or one that
has hardware acceleration on your platform (usually an AES variant, with
AES-GCM best if supported). They are quite low-overhead.

Alternately, there's SOCKS. If that's not your thing then PPP over a
TCP socket gives you arbitrary network forwarding capabilities and the
benefit of a full network stack and associated controls (e.g. you can
run it in an isolated routing domain/VRF).

-d

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
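
The cipher advice in the message above, as an added example that is not part of the original post or of OpenSSH: a shell helper that prefers AES-GCM when the CPU advertises AES instructions and otherwise falls back to chacha20-poly1305. `pick_cipher` and `has_cipher` are hypothetical names; their inputs are assumed to look like the flags line of Linux `/proc/cpuinfo` and the output of `ssh -Q cipher`.

```shell
#!/bin/sh
# Added example (not OpenSSH code): pick_cipher and has_cipher are
# hypothetical helper names used only for this illustration.

# has_cipher LIST NAME: true if NAME is an exact line in LIST.
has_cipher() {
    printf '%s\n' "$1" | grep -qxF -- "$2"
}

# pick_cipher CPU_FLAGS SUPPORTED
#   CPU_FLAGS  CPU feature flags, whitespace separated (as in /proc/cpuinfo)
#   SUPPORTED  cipher names, one per line (as printed by `ssh -Q cipher`)
# Prints the cipher to request. Returns 1 if none of the candidates is
# supported, in which case ssh's default negotiation should be left alone.
pick_cipher() {
    flags=$(printf '%s' "$1" | tr '\n\t' '  ')
    supported=$2
    case " $flags " in
        *" aes "*)
            # Hardware AES present: AES-GCM first, then plain AES-CTR.
            for c in aes128-gcm@openssh.com aes128-ctr; do
                if has_cipher "$supported" "$c"; then
                    printf '%s\n' "$c"; return 0
                fi
            done ;;
    esac
    # No AES acceleration (or no AES cipher offered): fast software cipher.
    if has_cipher "$supported" chacha20-poly1305@openssh.com; then
        printf '%s\n' chacha20-poly1305@openssh.com; return 0
    fi
    return 1
}

# Live use on Linux: run with --live to print an ssh_config line.
if [ "${1:-}" = "--live" ]; then
    cpu=$(grep -m1 -iE '^(flags|features)' /proc/cpuinfo | cut -d: -f2)
    if c=$(pick_cipher "$cpu" "$(ssh -Q cipher)"); then
        printf 'Ciphers %s\n' "$c"
    fi
fi
```

The printed `Ciphers` line can go under a `Host` block in `~/.ssh/config`, or the name can be passed to `ssh -c` for a single forwarding session.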


