Re: Patch: Ciphers, MACs and KexAlgorithms on Match

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On Jun 8, 2014, at 8:43 AM, Darren Tucker <dtucker@xxxxxxxxxx> wrote:

> On Sat, Jun 7, 2014 at 7:23 PM, Damien Miller <djm@xxxxxxxxxxx> wrote:
> 
>> On Fri, 6 Jun 2014, Armin Wolfermann wrote:
>> 
>> [...]
>> Unfortunately, this a a bit confusing - some Match criteria only work
>> after key exchange has completed. If users try something like
>> 
>> Match user djm
>>        Ciphers aes128-cbc
>> 
>> then it will never work.
> 
> 
> Actually in this particular case you could probably force a rekeying as
> soon as the username is received and make this work more or less as
> expected.  That'd work for Compression too.

However, if the SSH client in question is broken (as it sounds like Mr Wolfermann's Android clients are) it will never get to a rekey stage as it will fail to do the initial connection.

Just feels hokey to try and play with Ciphers and Macs in the Match.

- Ben
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev




[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux