Re: Why hostkeys-00@xxxxxxxxxxx is following user authentication?

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On 23 December 2015 at 23:30, Damien Miller <djm@xxxxxxxxxxx> wrote:
>
> On Wed, 23 Dec 2015, Alon Bar-Lev wrote:
>
> > Hello,
> >
> > This hostkeys extension is great, reading[1]:
> > """
> > OpenSSH supports a protocol extension allowing a server to inform a
> > client of all its protocol v.2 host keys after user-authentication has
> > completed.
> > """
> >
> > I wonder, why should user authentication be completed before this
> > functionality is available? This means that ssh-keyscan tool (for
> > example) cannot take advantage of the functionality.
>
> It's done this way because the only extensible messages in the protocol
> are channel and global requests, which are only valid after the
> "ssh-connection" (channels) service has been requested. This only happens
> after userauth.
>
> It would be better to do it after key exchange and before user
> authentication, but it would also be less compatible with other
> implementations.
>
> -d

Thank you for quick response!
I was under the impression that global requests can be sent before
user authentication.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux