Re: Why hostkeys-00@xxxxxxxxxxx is following user authentication?


 



On Wed, 23 Dec 2015, Alon Bar-Lev wrote:

> Hello,
> 
> This hostkeys extension is great, reading[1]:
> """
> OpenSSH supports a protocol extension allowing a server to inform a
> client of all its protocol v.2 host keys after user-authentication has
> completed.
> """
> 
> I wonder, why should user authentication be completed before this
> functionality is available? This means that ssh-keyscan tool (for
> example) cannot take advantage of the functionality.

It's done this way because the only extensible messages in the protocol
are channel and global requests, which are only valid after the
"ssh-connection" (channels) service has been requested. This only happens
after userauth.

It would be better to do it after key exchange and before user
authentication, but it would also be less compatible with other
implementations.

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
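An added example, not part of the original message and not OpenSSH's own code: a parser for the hostkeys global request that refuses it unless the "ssh-connection" service has started, which is the ordering constraint described in the reply above. The request name `hostkeys-00@openssh.com` and the layout (name, want-reply byte, then one string per host key) are taken from OpenSSH's PROTOCOL document as an assumption; the function names and sample bytes are constructed for illustration.

```python
import struct

SSH_MSG_GLOBAL_REQUEST = 80          # RFC 4250: 80-89 are connection-protocol messages
HOSTKEYS_NAME = b"hostkeys-00@openssh.com"

def pack_string(b):
    """Encode an RFC 4251 'string': uint32 length, then the bytes."""
    return struct.pack(">I", len(b)) + b

def read_string(buf, off):
    """Decode one 'string' at off; return (value, next offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("string overruns packet")
    return buf[off + 4:off + 4 + n], off + 4 + n

def parse_hostkeys(payload, connection_service_started):
    """Return the key algorithm names offered in a hostkeys global request."""
    if not payload or payload[0] != SSH_MSG_GLOBAL_REQUEST:
        raise ValueError("not a global request")
    if not connection_service_started:
        # Global requests are ssh-connection messages, valid only after userauth.
        raise ValueError("global request before ssh-connection service")
    name, off = read_string(payload, 1)
    if name != HOSTKEYS_NAME:
        raise ValueError("different global request")
    if off >= len(payload):
        raise ValueError("missing want-reply byte")
    off += 1                          # skip the want-reply byte
    algorithms = []
    while off < len(payload):
        blob, off = read_string(payload, off)
        alg, _ = read_string(blob, 0)  # a public key blob starts with its algorithm name
        algorithms.append(alg.decode("ascii"))
    return algorithms

# Constructed sample: two dummy key blobs (zero bytes, not real keys).
SAMPLE = (bytes([SSH_MSG_GLOBAL_REQUEST]) + pack_string(HOSTKEYS_NAME) + b"\x00"
          + pack_string(pack_string(b"ssh-ed25519") + pack_string(bytes(32)))
          + pack_string(pack_string(b"ecdsa-sha2-nistp256") + pack_string(bytes(8))))

if __name__ == "__main__":
    print(parse_hostkeys(SAMPLE, connection_service_started=True))
```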


