openssh 4.2p1 zlib compression broken for old clients
Markus Friedl
markus at openbsd.org
Thu Oct 27 20:26:20 EST 2005
allowing zlib compresison is a server side risk.
delaying compression until the user is authenticated reduces
the server side risk.
i don't see why the code should change.
if it's a problem, then only in the documentation:
Compression
Specifies whether compression is allowed, or delayed until the
user has authenticated successfully. The argument must be
``yes'', ``delayed'', or ``no''. The default is ``delayed''.
More information about the openssh-unix-dev
mailing list