Re: [Patch] TCP MD5SIG for OpenSSH

On 15 Jan 2016, at 11:27, Malcolm <opensshdev@xxxxxxxxxxx> wrote:

> Quoting Alex Bligh <alex@xxxxxxxxxxx>:
> 
>> So could they exchange a secret as part of the session, obviating
>> the need for any set up?
> 
> If by set up, you mean "the rest of the SSH authentication", then surely not.
> MD5 pre-shared secrets are probably fine for "port-knocking" or even
> RST-proofing purposes, but not for authenticating SSH sessions to servers.

No, not at all. I meant obviating the need for separately presharing
an MD5SIG key. Clearly this is additional to the existing authentication
and encryption and not in any way a substitution. It's designed to
prevent (e.g.) RST attacks.

-- 
Alex Bligh




_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev


