On 15 Jan 2016, at 11:27, Malcolm <opensshdev@xxxxxxxxxxx> wrote:

> Quoting Alex Bligh <alex@xxxxxxxxxxx>:
>
>> So could they exchange a secret as part of the session, obviating
>> the need for any set up?
>
> If by set up, you mean "the rest of the SSH authentication", then surely not.
> MD5 pre-shared secrets are probably fine for "port-knocking" or even
> RST-proofing purposes, but not for authenticating SSH sessions to servers.

No not at all. I meant obviating the need for separately presharing
an MD5SIG key. Clearly this is additional to the existing authentication
and encryption and not in any way a substitution. It's designed to prevent
(e.g.) RST attacks.

--
Alex Bligh

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev