Timing of banner

Daniel Kahn Gillmor dkg at fifthhorseman.net
Sat Jul 2 05:50:29 EST 2011

On 07/01/2011 03:20 PM, Bob Rasmussen wrote:
> My user's point has a certain validity, I think: the user isn't seeing 
> what they're logging into before giving a username. One might even 
> consider it a security issue, identifying yourself before you know who 
> you're talking to (although I realize the fingerprint verification 
> mitigates this).

From a security standpoint, the fingerprint verification doesn't just
mitigate this; it is the *only* thing that addresses this security
concern.  Reliance on a trivially replayable banner for identifying the
host would be an insecure practice.

i haven't thought through the rest of the tradeoffs (there may well be a
case to be made for an earlier banner in the opening
handshake/negotiation); i just wanted to be clear that the argument by
security (for users to identify the host) is flawed.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1030 bytes
Desc: OpenPGP digital signature
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20110701/7af82831/attachment.bin>

More information about the openssh-unix-dev mailing list