Potential SSH2 exploit
Peter Watkins
peterw at usa.net
Fri Jan 11 23:44:43 EST 2002
On Fri, Jan 11, 2002 at 01:24:40PM +0100, Markus Friedl wrote:
> On Fri, Jan 11, 2002 at 07:14:20AM -0500, Peter W wrote:
> > On Fri, Jan 11, 2002 at 10:00:50AM +0100, Markus Friedl wrote:
> > > On Thu, Jan 10, 2002 at 01:40:29PM -0600, Dave Dykstra wrote:
> >
> > > > Maybe the OpenSSH ssh
> > > > client should retrieve and store both kinds of host keys
> > >
> > > not possible.
> >
> > Well, there *could* be logic like this, right?
>
> won't happen.
> > Clients should warn about unknown/changed keys (as OpenSSH does) and
> > users should pay attention to those warnings.
>
> yes, since OpenSSH already warns, i don't see big issue here.
Nor do I.
"won't happen" != "not possible", *but* "possible" != "good idea", either.
Take care, and happy new year,
-Peter
More information about the openssh-unix-dev
mailing list