Re: UpdateHostkeys now enabled by default

On Sat, 2020-10-03 at 19:44 +1000, Damien Miller wrote:
> Otherwise, feel free to ask me anything.

Was it ever considered that the feature itself could be problematic,
security-wise?

I see at least two candidates:
- It's IMO generally a bad idea to distribute "better/newer" keys over
a potentially already weaker trust path (i.e. something secured by the
old key).
- If some key was compromised (and thus the server itself) an attacker
might use the feature to distribute his own keys, which, during clean
up from the attack, might be overseen.


Cheers,
Chris

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
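
As an added illustration of the second concern in the message above (it is not part of the original post and not OpenSSH code): a cleanup check that lists every key a client's known_hosts holds for a host whose fingerprint is not in a set verified out of band. The host names, key blobs and trusted set are constructed, and host matching is exact only (no wildcards or `[host]:port` forms), which is a simplification.

```python
import base64, hashlib, hmac

def fingerprint(blob_b64):
    """OpenSSH-style SHA256 fingerprint of a base64 public key blob."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_matches(field, host):
    """Exact match against a plain host list or a hashed |1|salt|hash field."""
    if field.startswith("|1|"):
        _, _, salt, want = field.split("|")
        mac = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(want))
    return host in field.split(",")

def unexpected_keys(known_hosts_text, host, trusted_fps):
    """List (line_no, key_type, fingerprint) for host keys not in trusted_fps."""
    findings = []
    for n, line in enumerate(known_hosts_text.splitlines(), 1):
        parts = line.split()
        # Skip blanks, comments and @cert-authority/@revoked marker lines.
        if len(parts) < 3 or parts[0][0] in "#@":
            continue
        if host_matches(parts[0], host):
            fp = fingerprint(parts[2])
            if fp not in trusted_fps:
                findings.append((n, parts[1], fp))
    return findings

# Constructed sample: placeholder bytes stand in for real key blobs.
def _b64(raw): return base64.b64encode(raw).decode()
KEY_OLD, KEY_NEW, KEY_ODD = (_b64(b"constructed-" + s) for s in (b"old", b"new", b"odd"))
SALT = b"constructed-salt"
HASHED = "|1|%s|%s" % (_b64(SALT),
                       _b64(hmac.new(SALT, b"server.example", hashlib.sha1).digest()))
SAMPLE = "\n".join([
    "# constructed known_hosts",
    "server.example,192.0.2.10 ssh-rsa " + KEY_OLD,
    "server.example ssh-ed25519 " + KEY_NEW,
    HASHED + " ecdsa-sha2-nistp256 " + KEY_ODD,
    "other.example ssh-ed25519 " + KEY_ODD,
])
TRUSTED = {fingerprint(KEY_NEW)}  # assumed: checked out of band on the rebuilt server

if __name__ == "__main__":
    for n, ktype, fp in unexpected_keys(SAMPLE, "server.example", TRUSTED):
        print(f"line {n}: {ktype} {fp} is not in the trusted set")
```
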


