Timing of banner
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Sat Jul 2 05:50:29 EST 2011

On 07/01/2011 03:20 PM, Bob Rasmussen wrote:
> My user's point has a certain validity, I think: the user isn't seeing
> what they're logging into before giving a username. One might even
> consider it a security issue, identifying yourself before you know who
> you're talking to (although I realize the fingerprint verification
> mitigates this).

From a security standpoint, the fingerprint verification doesn't just
mitigate this; it is the *only* thing that addresses this security
concern. Reliance on a trivially replayable banner for identifying the
host would be an insecure practice.

i haven't thought through the rest of the tradeoffs (there may well be a
case to be made for an earlier banner in the opening
handshake/negotiation); i just wanted to be clear that the argument by
security (for users to identify the host) is flawed.

--dkg
More information about the openssh-unix-dev
mailing list
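
Added example (not part of the original message or of OpenSSH): a client-side check that accepts a host only when the presented host key matches a pinned fingerprint, and gives the banner no weight because any server can send the same banner text. The key material, the banner string and the helper names are constructed for illustration; the fingerprint format assumed is the "SHA256:" plus unpadded base64 form printed by current OpenSSH.

```python
import base64
import hashlib
import hmac
import struct


def ssh_string(data: bytes) -> bytes:
    """Length-prefixed string as used inside SSH public key blobs."""
    return struct.pack(">I", len(data)) + data


def make_ed25519_line(raw_key: bytes) -> str:
    """Build a public key line from 32 raw bytes (constructed sample keys only)."""
    blob = ssh_string(b"ssh-ed25519") + ssh_string(raw_key)
    return "ssh-ed25519 " + base64.b64encode(blob).decode()


def fingerprint(pubkey_line: str) -> str:
    """SHA256 fingerprint of the key blob, unpadded base64."""
    blob = base64.b64decode(pubkey_line.split()[1])
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def host_is_authentic(pinned_fp: str, presented_key_line: str, banner: str = "") -> bool:
    """Decide on the host key alone. The banner is accepted as an argument
    only to make explicit that it plays no part in the decision."""
    return hmac.compare_digest(pinned_fp, fingerprint(presented_key_line))


# Constructed sample data: two different host keys, one identical banner.
REAL_KEY = make_ed25519_line(bytes(range(32)))
IMPOSTOR_KEY = make_ed25519_line(bytes(range(1, 33)))
BANNER = "*** Welcome to example-host, authorized users only ***"
PINNED = fingerprint(REAL_KEY)  # obtained out of band in practice


def check_sessions():
    """Return (label, accepted) for each constructed connection attempt."""
    attempts = [("real host", REAL_KEY), ("replayed banner", IMPOSTOR_KEY)]
    return [(label, host_is_authentic(PINNED, key, BANNER)) for label, key in attempts]


if __name__ == "__main__":
    for label, ok in check_sessions():
        print(f"{label}: {'accept' if ok else 'REJECT'}")
```
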