Warning message at password prompt
Damien Miller
djm at mindrot.org
Thu Feb 14 22:32:37 EST 2002
On Thu, 14 Feb 2002, Edward Avis wrote:
> On Thu, 14 Feb 2002, Damien Miller wrote:
>
> >>If anyone could suggest ways to find out what from sshconnect2.c what
> >>cipher is being used, that would be a real help.
> >
> >Why don't you send a debugging message from kex.c if you negotiate
> >cipher none in either direction?
>
> So it is kex.c that negotiates the cipher to use. And this is
> negotiated just once at the start of the connection. (Just checking)
Renegotiation may happen at any time.
> I could print a warning if 'none' is negotiated, but I would prefer to
> set a global flag and test it at the password prompt.
You could use an approach like I do in my keynote policy patch[1] and
pull the cipher out of packet.c. You can then test the cipher at the
time of the prompt directly.
-d
[1] http://www.mindrot.org/~djm/ssh-keynote/ssh-keynote-20020214.diff
More information about the openssh-unix-dev
mailing list