> Killing the connection if the client suggests the wrong option is > quite hostile to the user. I don't think we'd want that. > > It's theoretically possible to force a rekeying after authentication > with new options, but this is slow: several client/server round-trips > plus the potentially very slow key exchange crypto. IMO it's too slow > and confusing to be worth implementing. Would it be difficult to implement? I guess it's the only clean way then to restrict compression to certain users (if killing the connection isn't an option). And the slowness would probably not really matter, since it's only necessary to work like that, when being used in a Match section, which most people will never do. Shall I open a wishlist ticket about that? Thanks, Philippe _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev