Opened at 2015-01-29T15:13:58Z
Last modified at 2020-01-20T20:45:18Z
#2369 new enhancement
Support encryptionless sftp using sftp-over-tcp
Reported by: | HoverHell | Owned by: | HoverHell |
---|---|---|---|
Priority: | normal | Milestone: | undecided |
Component: | code-frontend-ftp-sftp | Version: | 1.10.0 |
Keywords: | performance security confidentiality integrity | Cc: | |
Launchpad Bug: |
Description
For performance reasons, it might be preferable to use unencrypted (and unauthenticated) sshfs, e.g. when running over localhost or a trusted local network.
For this, sshfs supports a directport=… option which skips the 'ssh' part and directly uses sftp protocol (for reference, the server-part of this can be started using socat TCP4-LISTEN:12345,bind=192.168.0.1 EXEC:/usr/lib/sftp-server,nofork)
(not sure whether this is a duplicate; I could not find anything relevant)
Change History (5)
comment:1 Changed at 2015-01-29T16:07:03Z by daira
- Component changed from unknown to code-frontend-ftp-sftp
- Keywords security confidentiality integrity added
- Owner set to HoverHell
comment:2 Changed at 2015-01-30T09:17:51Z by HoverHell
Apparently I can't answer that because of the spambayes.
comment:3 Changed at 2015-02-06T17:46:54Z by zooko
HoverHell: sorry about that. ☹ Attempting to fix it. Here's the comment that you tried to post that spambayes ate:
significant performance impact relative to other factors
I think, measuring it relative to other factors would require implementing > it. I haven't gotten into the code yet, and I'm mostly suggesting it as a > potentially-simple addition. Though it is possible I will get to > experiment with this later.
comment:4 Changed at 2015-02-07T00:56:49Z by daira
Technically it would require implementing it, but the implementation could be an easier hack such as commenting out code in twisted.conch (that wouldn't be suitable for a "real" implementation), for instance.
comment:5 Changed at 2020-01-20T20:45:18Z by exarkun
I think that null cipher SSH is poorly supported by SSH implementations. My recollection is that OpenSSH initially supported it for quite some time and at some point decided to drop it. Twisted Conch supported it at some point. I don't remember if that support went away or not.
I'm skeptical that encryption and authentication has a significant performance impact relative to other factors. HoverHell, can you measure that?