Subject: Re: sshd config?
To: None <tech-userlevel@NetBSD.org>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: tech-userlevel
Date: 11/29/2003 16:00:34

>> My [possibly flawed] understanding is that using 'none' causes
>> authentication to be insecure, not just encryption. So not only
>> might it compromise the current transaction, it could compromise
>> future transactions.

> While I do understand that "none" makes ssh unsecure, and may cause a
> misplaced sense of security, I prefer to have the option available.

Me too. I'm perfectly content with requiring explicit reconfiguration
to make it available (such as Ciphers and MACs in sshd_config). But I
think it is unreasonable to protect admins against themselves to the
extent of removing it entirely.

NetBSD tries to keep people from shooting themselves in the foot by
mistake. But I think it is wrong to keep the guns locked away entirely
because people might shoot themselves in the foot.

> After all, even with null crypto, ssh is no worse than rlogin and
> friends (unless I am missing a trick here?).

As I read jhawk's message, it's saying that with "none" encryption, a
putative sniffer could acquire enough information to compromise your
private key, thereby rendering all sessions authenticated with that key
insecure.

I don't think this is true. If it is, the protocol is grossly
misdesigned, because everything the sniffer gains, the peer server has
access to even with real encryption, and I think we will all agree that
the client should _never_ reveal to _anyone_ enough information to
compromise a private key.
/~\ The ASCII der Mouse
\ / Ribbon Campaign
X Against HTML mouse@rodents.montreal.qc.ca
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B