Warning message at password prompt

Damien Miller djm at mindrot.org
Thu Feb 14 22:32:37 EST 2002

On Thu, 14 Feb 2002, Edward Avis wrote:

> On Thu, 14 Feb 2002, Damien Miller wrote:
> >>If anyone could suggest ways to find out what from sshconnect2.c what
> >>cipher is being used, that would be a real help.
> >
> >Why don't you send a debugging message from kex.c if you negotiate
> >cipher none in either direction?
> So it is kex.c that negotiates the cipher to use.  And this is
> negotiated just once at the start of the connection.  (Just checking)

Renegotiation may happen at any time.

> I could print a warning if 'none' is negotiated, but I would prefer to
> set a global flag and test it at the password prompt. 

You could use an approach like I do in my keynote policy patch[1] and
pull the cipher out of packet.c. You can then test the cipher at the 
time of the prompt directly.


[1] http://www.mindrot.org/~djm/ssh-keynote/ssh-keynote-20020214.diff

More information about the openssh-unix-dev mailing list