diff --git a/man/tinysshnoneauthd.8 b/man/tinysshnoneauthd.8
new file mode 100644
index 0000000000000000000000000000000000000000..aad99ba96aada364c009e4739f351551744d6466
--- /dev/null
+++ b/man/tinysshnoneauthd.8
@@ -0,0 +1,49 @@
+.TH tinysshnoneauthd 8
+.SH NAME
+tinysshnoneauthd \- Tiny SSH daemon with 'none' auth. enabled
+.SH SYNOPSIS
+.B tinysshnoneauthd
+[ options ]
+.I keydir
+.SH DESCRIPTION
+.B tinysshnoneauthd
+creates encrypted (but not auhenticated) SSH connection.
+It's used to protect older protocols which uses e.g. telnet etc.
+.SH OPTIONS
+.TP
+.B \-q
+no error messages
+.TP
+.B \-Q
+print error messages (default)
+.TP
+.B \-v
+print extra information
+.TP
+.B \-l
+use syslog instead of standard error output (useful for running from inetd)
+.TP
+.B \-L
+don't use syslog, use standard error output (default)
+.TP
+.B \-e \fIcommand
+execute the given command instead of spawning the shell (disables \fIexec\fR/\fIsubsystem\fR channel requests)
+.TP
+.I keydir
+directory containing TinySSH keys, typically /etc/tinyssh/sshkeydir
+.SH EXAMPLES
+.TP
+.B TCPSERVER
+useradd tinysshnoneauth
+mkdir -p /home/tinysshnoneauth/
+tinysshd-makekey /home/tinysshnoneauth/sshkeydir
+chown -R tinysshnoneauth /home/tinysshnoneauth/sshkeydir
+envuidgid tinysshnoneauth tcpserver -UHRDl0 0 2222 /usr/sbin/tinysshnoneauthd -vv -e 'cat /etc/motd' /home/tinysshnoneauth/sshkeydir
+.SH SEE ALSO
+.BR tinysshd (8),
+.BR tinysshd\-makekey (8),
+.BR tinysshd\-printkey (8)
+.sp
+.nf
+https://tinyssh.org/
+.fi
diff --git a/tinyssh/TARGETS b/tinyssh/TARGETS
index 57fadf06bc953ed40ec27cdd37760ce85bd5f2ce..70c67432c3b314866b0e27690bda347677febcb7 100644
--- a/tinyssh/TARGETS
+++ b/tinyssh/TARGETS
@@ -1,3 +1,4 @@
 tinysshd
+tinysshnoneauthd
 tinysshd-makekey
 tinysshd-printkey
diff --git a/tinyssh/main.h b/tinyssh/main.h
index dcc4191a51d462da37892c731436da65f2a7067d..6563275f0c8b77a18b2a98bdb59979c103cca70f 100644
--- a/tinyssh/main.h
+++ b/tinyssh/main.h
@@ -1,7 +1,7 @@
 #ifndef _MAIN_H____
 #define _MAIN_H____
 
-extern int main_tinysshd(int, char **);
+extern int main_tinysshd(int, char **, const char *);
 extern int main_tinysshd_printkey(int, char **);
 extern int main_tinysshd_makekey(int, char **);
 
diff --git a/tinyssh/main_tinysshd.c b/tinyssh/main_tinysshd.c
index 69235474c4ca5c39afdd7338b489d5ac9eb6c1a0..af952b5e98239fdbd2c56194c96360e6f0644f0a 100644
--- a/tinyssh/main_tinysshd.c
+++ b/tinyssh/main_tinysshd.c
@@ -25,15 +25,15 @@ Public domain.
 #include "global.h"
 #include "connectioninfo.h"
 #include "die.h"
+#include "str.h"
 #include "main.h"
 
-#define USAGE "usage: tinysshd [options] keydir"
-
 static unsigned int cryptotypeselected = sshcrypto_TYPENEWCRYPTO | sshcrypto_TYPEPQCRYPTO;
 static int flagverbose = 1;
 static int fdwd;
 static int flaglogger = 0;
 static const char *customcmd = 0;
+static int flagnoneauth = 0;
 
 static struct buf b1 = {global_bspace1, 0, sizeof global_bspace1};
 static struct buf b2 = {global_bspace2, 0, sizeof global_bspace2};
@@ -50,8 +50,7 @@ static void trigger(int x) {
     x = write(selfpipe[1], "", 1);
 }
 
-
-int main_tinysshd(int argc, char **argv) {
+int main_tinysshd(int argc, char **argv, const char *binaryname) {
 
     char *x;
     const char *keydir = 0;
@@ -65,14 +64,22 @@ int main_tinysshd(int argc, char **argv) {
     struct pollfd *watchfromchild2;
     struct pollfd *watchselfpipe;
     int exitsignal, exitcode;
+    long long binarynamelen = str_len(binaryname);
+    const char *usage;
 
     signal(SIGPIPE, SIG_IGN);
     signal(SIGALRM, timeout);
 
-    log_init(0, "tinysshd", 0, 0);
+    log_init(0, binaryname, 0, 0);
+    if (str_equaln(binaryname, binarynamelen, "tinysshnoneauthd")) {
+        usage = "usage: tinysshnoneauthd [options] keydir";
+    }
+    else {
+        usage = "usage: tinysshd [options] keydir";
+    }
 
-    if (argc < 2) die_usage(USAGE);
-    if (!argv[0]) die_usage(USAGE);
+    if (argc < 2) die_usage(usage);
+    if (!argv[0]) die_usage(usage);
     for (;;) {
         if (!argv[1]) break;
         if (argv[1][0] != '-') break;
@@ -100,12 +107,18 @@ int main_tinysshd(int argc, char **argv) {
                 if (argv[1]) { customcmd = *++argv; break; }
             }
 
-            die_usage(USAGE);
+            die_usage(usage);
         }
     }
-    keydir = *++argv; if (!keydir) die_usage(USAGE);
+    keydir = *++argv; if (!keydir) die_usage(usage);
+
+    log_init(flagverbose, binaryname, 1, flaglogger);
 
-    log_init(flagverbose, "tinysshd", 1, flaglogger);
+    if (str_equaln(binaryname, binarynamelen, "tinysshnoneauthd")) {
+        if (!customcmd) die_fatal("rejecting to run without -e customprogram", 0, 0);
+        if (geteuid() == 0) die_fatal("rejecting to run under UID=0", 0, 0);
+        flagnoneauth = 1;
+    }
 
     connectioninfo(channel.localip, channel.localport, channel.remoteip, channel.remoteport);
     log_i4("connection from ", channel.remoteip, ":", channel.remoteport);
@@ -171,7 +184,7 @@ rekeying:
 
     /* authentication + authorization */
     if (packet.flagauthorized == 0) {
-        if (!packet_auth(&b1, &b2)) die_fatal("authentication failed", 0, 0);
+        if (!packet_auth(&b1, &b2, flagnoneauth)) die_fatal("authentication failed", 0, 0);
         packet.flagauthorized = 1;
     }
 
diff --git a/tinyssh/packet.h b/tinyssh/packet.h
index 34e0bde27f31653b9a8318cd52d5e5031d78ab1c..cc79cdb1a0de5fdcf6e4227957e5c3d897ede6cd 100644
--- a/tinyssh/packet.h
+++ b/tinyssh/packet.h
@@ -104,7 +104,7 @@ extern int packet_kex_receive(void);
 extern int packet_kexdh(const char *, struct buf *, struct buf *);
 
 /* packet_auth.c */
-extern int packet_auth(struct buf *, struct buf *);
+extern int packet_auth(struct buf *, struct buf *, int);
 
 /* packet_channel_open.c */
 extern int packet_channel_open(struct buf *, struct buf *);
diff --git a/tinyssh/packet_auth.c b/tinyssh/packet_auth.c
index 9e5a0cf6d3be499fb4526a1be3338da38c9484f8..b2ac838c45c913bd5720de442df0edfcd1d8219f 100644
--- a/tinyssh/packet_auth.c
+++ b/tinyssh/packet_auth.c
@@ -4,6 +4,7 @@ Jan Mojzis
 Public domain.
 */
 
+#include <pwd.h>
 #include "buf.h"
 #include "ssh.h"
 #include "e.h"
@@ -16,7 +17,8 @@ Public domain.
 #include "log.h"
 #include "packet.h"
 
-int packet_auth(struct buf *b, struct buf *b2) {
+
+int packet_auth(struct buf *b, struct buf *b2, int flagnoneauth) {
 
     crypto_uint8 ch, flagsignature;
     long long pos, i, count, sign_bytes = 0;
@@ -68,7 +70,20 @@ int packet_auth(struct buf *b, struct buf *b2) {
         pos = packetparser_uint32(b->buf, b->len, pos, &len);       /* publickey/password/hostbased/none */
         pos = packetparser_skip(b->buf, b->len, pos, len);
 
-        if (str_equaln((char *)b->buf + pos - len, len, "none")) pkname = "none";
+        if (str_equaln((char *)b->buf + pos - len, len, "none")) {
+            /*
+            if auth. none is enabled get the user from UID
+            */
+            if (flagnoneauth) {
+                struct passwd *pw;
+                pkname = "none";
+                pw = getpwuid(geteuid());
+                if (!pw) bug();
+                str_copyn(packet.name, sizeof packet.name, pw->pw_name);
+                b->len = 0; b->buf[0] = 0;
+                goto authorized;
+            }
+        }
         if (str_equaln((char *)b->buf + pos - len, len, "password")) pkname = "password";
         if (str_equaln((char *)b->buf + pos - len, len, "hostbased")) pkname = "hostbased";
         if (str_equaln((char *)b->buf + pos - len, len, "publickey")) {
diff --git a/tinyssh/tinysshd.c b/tinyssh/tinysshd.c
index c8ca4e421c1de5fb6cc4d2645a2107aa42ef84c1..d7a98b4fe9f85362f42f7f65e0a60488861e8457 100644
--- a/tinyssh/tinysshd.c
+++ b/tinyssh/tinysshd.c
@@ -41,8 +41,11 @@ int main(int argc, char **argv) {
     else if (str_equaln(x, xlen, "tinysshd-makekey")){
         return main_tinysshd_makekey(argc, argv);
     }
+    else if (str_equaln(x, xlen, "tinysshnoneauthd")){
+        return main_tinysshd(argc, argv, "tinysshnoneauthd");
+    }
     else {
-        return main_tinysshd(argc, argv);
+        return main_tinysshd(argc, argv, "tinysshd");
     }
 
     _exit(111);
diff --git a/tinyssh/tinysshnoneauthd.c b/tinyssh/tinysshnoneauthd.c
new file mode 120000
index 0000000000000000000000000000000000000000..531c8353925abcd7849791fdfc8d74c85e242127
--- /dev/null
+++ b/tinyssh/tinysshnoneauthd.c
@@ -0,0 +1 @@
+tinysshd.c
\ No newline at end of file
diff --git a/tinyssh/tinysshnoneauthd.exp b/tinyssh/tinysshnoneauthd.exp
new file mode 100644
index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
diff --git a/tinyssh/tinysshnoneauthd.rts b/tinyssh/tinysshnoneauthd.rts
new file mode 100644
index 0000000000000000000000000000000000000000..039e4d0069c5c26909f86c505b9de66182e6d1f3
--- /dev/null
+++ b/tinyssh/tinysshnoneauthd.rts
@@ -0,0 +1,2 @@
+#!/bin/sh
+exit 0