Potential SSH2 exploit
David Terrell
dbt at meat.net
Sat Jan 12 19:22:20 EST 2002
On Fri, Jan 11, 2002 at 04:51:56PM -0600, Dave Dykstra wrote:
> That would be of some help; make the warning stronger if there is a known
> key of another type. Hey, for that matter why not print out the big
> warning that somebody could be doing something nasty? It's really no
> different if somebody has exchanged one RSA key for another than if they've
> exchange one RSA key for a DSA key. Right? That would be a simple fix.
It is different.
In once case, you have unverified credentials, in another case you have
clearly wrong credentials.
Some people have been lazy about generating ssh2 rsa keys you know :)
--
David Terrell | "Anyone who says that is woefully
Prime Minister, Nebcorp | underinformed. IE, reads usenet."
dbt at meat.net | - Sean O'Connor
http://wwn.nebcorp.com/
More information about the openssh-unix-dev
mailing list