#2369 new enhancement

Support encryptionless sftp using sftp-over-tcp

Reported by: HoverHell
Owned by: HoverHell
Priority: normal
Milestone: undecided
Component: code-frontend-ftp-sftp
Version: 1.10.0
Keywords: performance security confidentiality integrity
Cc:
Launchpad Bug:

Description

For performance reasons, it might be preferable to use unencrypted (and unauthenticated) sshfs, e.g. when running over localhost or a trusted local network.

For this, sshfs supports a directport=… option which skips the 'ssh' part and directly uses the sftp protocol (for reference, the server part of this can be started using socat TCP4-LISTEN:12345,bind=192.168.0.1 EXEC:/usr/lib/sftp-server,nofork).

(not sure whether this is a duplicate; I could not find anything relevant)

Change History (5)

comment:1 Changed at 2015-01-29T16:07:03Z by daira

  • Component changed from unknown to code-frontend-ftp-sftp
  • Keywords security confidentiality integrity added
  • Owner set to HoverHell

I'm skeptical that encryption and authentication have a significant performance impact relative to other factors. HoverHell, can you measure that?

Last edited at 2015-01-29T16:07:55Z by daira

comment:2 Changed at 2015-01-30T09:17:51Z by HoverHell

Apparently I can't answer that because of the spambayes.

comment:3 Changed at 2015-02-06T17:46:54Z by zooko

HoverHell: sorry about that. ☹ Attempting to fix it. Here's the comment that you tried to post that spambayes ate:

> significant performance impact relative to other factors

I think measuring it relative to other factors would require implementing it. I haven't gotten into the code yet, and I'm mostly suggesting it as a potentially-simple addition. Though it is possible I will get to experiment with this later.

Last edited at 2015-02-06T17:47:13Z by zooko

comment:4 Changed at 2015-02-07T00:56:49Z by daira

Technically it would require implementing it, but the implementation could be an easier hack such as commenting out code in twisted.conch (that wouldn't be suitable for a "real" implementation), for instance.

Last edited at 2015-02-07T00:57:02Z by daira

comment:5 Changed at 2020-01-20T20:45:18Z by exarkun

I think that null cipher SSH is poorly supported by SSH implementations. My recollection is that OpenSSH initially supported it for quite some time and at some point decided to drop it. Twisted Conch supported it at some point. I don't remember if that support went away or not.
