On 23 December 2015 at 23:30, Damien Miller <djm@xxxxxxxxxxx> wrote:
>
> On Wed, 23 Dec 2015, Alon Bar-Lev wrote:
>
> > Hello,
> >
> > This hostkeys extension is great, reading[1]:
> > """
> > OpenSSH supports a protocol extension allowing a server to inform a
> > client of all its protocol v.2 host keys after user-authentication has
> > completed.
> > """
> >
> > I wonder, why should user authentication be completed before this
> > functionality is available? This means that ssh-keyscan tool (for
> > example) cannot take advantage of the functionality.
>
> It's done this way because the only extensible messages in the protocol
> are channel and global requests, which are only valid after the
> "ssh-connection" (channels) service has been requested. This only happens
> after userauth.
>
> It would be better to do it after key exchange and before user
> authentication, but it would also be less compatible with other
> implementations.
>
> -d

Thank you for quick response!
I was under the impression that global requests can be sent before
user authentication.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
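
Added example, not part of the thread and not OpenSSH's code: a simplified Python model of the ordering described in the quoted reply, in which connection-protocol messages (numbers 80-127 in RFC 4250) are accepted only after SSH_MSG_USERAUTH_SUCCESS, together with a parser for the hostkeys-00@openssh.com global request. The Client class, the key blobs and the sample payload are constructed for illustration.

```python
import struct

SSH_MSG_USERAUTH_SUCCESS = 52   # RFC 4252
SSH_MSG_GLOBAL_REQUEST = 80     # RFC 4254, first connection-protocol number
HOSTKEYS = b"hostkeys-00@openssh.com"

def ssh_string(data):
    """Encode an SSH 'string': uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def read_string(buf, off):
    """Decode one SSH string at off; return (bytes, next offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated string")
    return buf[off + 4:off + 4 + n], off + 4 + n

def parse_hostkeys(payload):
    """Layout: byte 80, string request name, byte want_reply, string[] keys."""
    if not payload or payload[0] != SSH_MSG_GLOBAL_REQUEST:
        raise ValueError("not a global request")
    name, off = read_string(payload, 1)
    if name != HOSTKEYS or off >= len(payload):
        raise ValueError("not a complete hostkeys request")
    off += 1                              # skip the want_reply boolean
    keys = []
    while off < len(payload):
        blob, off = read_string(payload, off)
        keys.append(blob)
    return keys

class Client:
    """Hypothetical receiver: gates connection-protocol messages on userauth."""
    def __init__(self):
        self.authenticated = False
        self.learned = []
    def receive(self, payload):
        msg = payload[0]
        if msg == SSH_MSG_USERAUTH_SUCCESS:
            self.authenticated = True     # "ssh-connection" service starts here
        elif 80 <= msg <= 127:
            if not self.authenticated:
                raise ValueError("connection message %d before userauth" % msg)
            if msg == SSH_MSG_GLOBAL_REQUEST:
                self.learned.extend(parse_hostkeys(payload))

# Constructed sample: two dummy key blobs (algorithm name + placeholder bytes).
SAMPLE_KEYS = [ssh_string(b"ssh-ed25519") + ssh_string(b"\x01" * 32),
               ssh_string(b"ssh-rsa") + ssh_string(b"\x02" * 8)]
SAMPLE = (bytes([SSH_MSG_GLOBAL_REQUEST]) + ssh_string(HOSTKEYS) + b"\x00"
          + b"".join(ssh_string(k) for k in SAMPLE_KEYS))
```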