Openssl and openssh

ew-ssh at ew-ssh at
Thu Aug 1 23:01:23 EST 2002

When keys are generated, doesn't the public key stick arround on the 
server ( and

Would that make us vulnerable, or have I misunderstood what you had said?


On Thu, 1 Aug 2002, Florian Weimer wrote:

> "kumar" <kumareshind at> writes:
> > I had seen some recommendations for and against that these vulnerabilities
> > affects OpenSSH.
> Protocol 2 RSA public key/host based authentication calls OpenSSL's
> RSA_verify, which ueses the ASN.1 parser internally.  Exploiting
> CAN-2002-0659 still requires that the SSH2 public key has been stored
> on the SSH server, so no anonymous attacks are possible in typical
> contexts.

More information about the openssh-unix-dev mailing list