Subject: Re: Policy questions
To: None <tech-userlevel@NetBSD.org>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: tech-userlevel
Date: 01/03/2004 10:32:43
> Also, I'm given to understand there are good [ssh] protocol-specific
> reasons not to allow cypher=none, but I don't fully understand them.

Assuming the network is one for which rsh would be suitable, I can't
see any.  I'd like a reference to anything anyone has to the contrary.

> Well, no. The issue that I raised is that we ought to have a tool to
> allow unencrypted file transfers without allowing unencrypted logins,
> and that netcat was the only tool I knew of that usefully allowed it.
> If there are other tools in common usage, I'd like to know what they
> are.

ftp can be set up this way, though it fails a test mentioned (I don't
recall by whom) in another message, that of not requiring sysadmin
access to set up.

Actually, we almost have such tools, though slightly contrived.  First,
you need a rudimentary netcat on the "sending" system, something to
accept a connection and blat a blob of data to it (even just a quick
edit to inetd to run cat for a particular port).  Then you uuencode the
data and feed it to that; on the "receiving" system you run script and
telnet to capture the data, then use sed -e 's/^M$//' | uudecode -p to
recover the data.  I've used this often enough as a grappling hook when
faced with a new install with only the network available to copy local
software over to it.

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML	       mouse@rodents.montreal.qc.ca
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
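
The receiving-side recovery step described in the message above (strip the trailing carriage returns from the captured session, then uudecode), as an added example that is not part of the original post. It uses Python's `binascii` in place of the `uuencode`/`uudecode` binaries; the function names, the 192.0.2.10 address, the telnet banner lines and the sample data are constructed for illustration, and the digest comparison at the end is an addition.

```python
import binascii
import hashlib

def uuencode(data: bytes, name: str = "blob.bin") -> bytes:
    """Sending side: the text `uuencode` would feed to the listening port."""
    lines = [b"begin 644 " + name.encode()]
    for i in range(0, len(data), 45):  # classic uuencode: 45 input bytes per line
        lines.append(binascii.b2a_uu(data[i:i + 45], backtick=True).rstrip(b"\n"))
    return b"\n".join(lines + [b"`", b"end"]) + b"\n"

def simulate_capture(encoded: bytes) -> bytes:
    """Constructed stand-in for the typescript: telnet chatter around the
    payload, with every line ending arriving as CR LF."""
    banner = b"Trying 192.0.2.10...\nConnected to 192.0.2.10.\nEscape character is '^]'.\n"
    trailer = b"Connection closed by foreign host.\n"
    return (banner + encoded + trailer).replace(b"\n", b"\r\n")

def recover(capture: bytes) -> bytes:
    """Receiving side: strip the trailing CR, then decode the begin/end block."""
    out, in_body = bytearray(), False
    for line in capture.split(b"\n"):
        if line.endswith(b"\r"):          # same job as sed -e 's/^M$//'
            line = line[:-1]
        if not in_body:                   # skip everything before "begin"
            in_body = line.startswith(b"begin ")
        elif line == b"end":
            return bytes(out)
        elif line:
            out += binascii.a2b_uu(line)
    raise ValueError("capture has no complete begin/end block")

if __name__ == "__main__":
    original = bytes(range(256)) * 3 + b"\r\n\x00"   # constructed binary sample
    received = recover(simulate_capture(uuencode(original)))
    # The channel is plaintext with no integrity protection, so compare digests
    # obtained separately on each side before trusting the copy.
    print(hashlib.sha256(original).hexdigest() == hashlib.sha256(received).hexdigest())
```

A capture that is cut off before the `end` line raises `ValueError` instead of returning a short file.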