Openssl and openssh

ew-ssh at ew-ssh at
Thu Aug 1 23:21:00 EST 2002

Ahh, ok; thank you.  So basically only those servers who have public key 
entries in my authorized_hosts[2] would be able to exploit the ssl 
vulnerability?  I suppose those who have an entry in my authorized_keys 
already get access to the box, so why exploit it.

Thank you!

On Thu, 1 Aug 2002, Florian Weimer wrote:

> ew-ssh at writes:
> > What does Weimer mean by "server"?  Usually public keys are sitting right 
> > next to the private ones.
> In order to use public key authentication, you have to put the public
> keys into some authorized_keys/ssh_known_hosts file on the server.
> That's what I meant.

More information about the openssh-unix-dev mailing list