Potential SSH2 exploit

Peter Watkins peterw at usa.net
Fri Jan 11 23:44:43 EST 2002


On Fri, Jan 11, 2002 at 01:24:40PM +0100, Markus Friedl wrote:
> On Fri, Jan 11, 2002 at 07:14:20AM -0500, Peter W wrote:
> > On Fri, Jan 11, 2002 at 10:00:50AM +0100, Markus Friedl wrote:
> > > On Thu, Jan 10, 2002 at 01:40:29PM -0600, Dave Dykstra wrote:
> > 
> > > > Maybe the OpenSSH ssh
> > > > client should retrieve and store both kinds of host keys
> > > 
> > > not possible.
> > 
> > Well, there *could* be logic like this, right?
> 
> won't happen.

> > Clients should warn about unknown/changed keys (as OpenSSH does) and
> > users should pay attention to those warnings.
> 
> yes, since OpenSSH already warns, i don't see big issue here.

Nor do I. 

"won't happen" != "not possible", *but* "possible" != "good idea", either.

Take care, and happy new year,

-Peter



More information about the openssh-unix-dev mailing list