Warning message at password prompt
Edward Avis
epa98 at doc.ic.ac.uk
Thu Feb 14 22:55:02 EST 2002
On Thu, 14 Feb 2002, Damien Miller wrote:
>>>Why don't you send a debugging message from kex.c if you negotiate
>>>cipher none in either direction?
>>
>>So it is kex.c that negotiates the cipher to use. And this is
>>negotiated just once at the start of the connection. (Just checking)
>
>Renegotiation may happen at any time.
That's what I was afraid of. I really only want to look at the cipher
used at the time the password prompt is printed. I assume this will
always be the same cipher used to send the password.
Hang on - I know that a new key(s) can be chosen at any time, but can
the actual cipher used change? If I start a connection using 3DES, can
it suddenly change to Blowfish due to renegotiation? This is surely
impossible in practice unless the server's preferences change.
>You could use an approach like I do in my keynote policy patch[1] and
>pull the cipher out of packet.c. You can then test the cipher at the
>time of the prompt directly.
>[1] http://www.mindrot.org/~djm/ssh-keynote/ssh-keynote-20020214.diff
Thanks, I will have a look at this.
--
Ed Avis <epa98 at doc.ic.ac.uk>
Finger for PGP key
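The point of the reply above (check the cipher that is in force at the moment the prompt is printed, not the one negotiated at connection start) as an added C sketch; this is not code from the thread or from OpenSSH, and the state structure and function names are assumptions standing in for packet.c's real interface.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the per-direction cipher state that the packet
 * layer keeps; field and function names are assumptions, not OpenSSH's. */
struct cipher_state {
    const char *send_cipher;  /* client -> server: the password travels here */
    const char *recv_cipher;  /* server -> client */
};

static struct cipher_state pstate = { "3des-cbc", "3des-cbc" };

/* Called whenever a key exchange completes, initial or renegotiated. */
void kex_done(const char *send, const char *recv) {
    pstate.send_cipher = send;
    pstate.recv_cipher = recv;
}

/* Live check: is either direction unencrypted right now? */
int cipher_is_none_now(void) {
    return strcmp(pstate.send_cipher, "none") == 0 ||
           strcmp(pstate.recv_cipher, "none") == 0;
}

/* Snapshot approach from the first kex only: goes stale after renegotiation. */
static int none_at_start = -1;
void record_initial_kex(void) {
    if (none_at_start < 0)
        none_at_start = cipher_is_none_now();
}
int cipher_was_none_at_start(void) { return none_at_start; }

/* Decide, at prompt time, whether to warn before asking for the password. */
int should_warn_at_prompt(void) {
    if (cipher_is_none_now()) {
        fprintf(stderr, "WARNING: cipher 'none' in use, password would be sent in the clear\n");
        return 1;
    }
    return 0;
}

int main(void) {
    kex_done("3des-cbc", "3des-cbc");
    record_initial_kex();
    kex_done("none", "3des-cbc");   /* renegotiation drops encryption on the send side */
    printf("snapshot: %d  live check: %d\n", cipher_was_none_at_start(), should_warn_at_prompt());
    return 0;
}
```

The snapshot reports 0 while the live check reports 1, which is why the cipher has to be read from the packet layer at prompt time.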