Too many public keys
Aris Adamantiadis
aris at 0xbadc0de.be
Fri Apr 5 19:56:20 EST 2013
If you have too many public keys, you can use a config file to
specifically set an identity file to use with a host. I don't see what
problem you are trying to solve, when on the contrary this limit on the
number of public key tries per connection has actually been useful during
the Debian OpenSSL fiasco.
That said, I agree that there's no point in counting failed GSSAPI attempts,
as these cannot really be brute-forced.
Aris
On 3/04/13 19:22, Andy Lutomirski wrote:
> I wonder if (with a protocol extension) something even better could be
> done: take all locally available private keys, construct a small Bloom
> filter and send it to the server, and have the server decide whether
> any of the keys it accepts match. (This would be efficient for shell
> accounts but would be worse than useless for things like gitolite.)
>
> --Andy
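
A sketch of the Bloom filter exchange proposed in the quoted message, added here as an illustration; it is not code from either poster or from OpenSSH, and no such protocol extension is implied to exist. The filter size, hash count, use of SHA-256 over the key blob, and all function names and sample keys are assumptions.

```python
import hashlib

M_BITS = 256    # filter size in bits (assumed; the post gives no parameters)
K_HASHES = 4    # bit positions set per key (assumed)

def _positions(key_blob: bytes):
    """Derive K_HASHES bit positions from SHA-256 of a public key blob."""
    digest = hashlib.sha256(key_blob).digest()
    # 4 digest bytes per position; a 32-byte digest allows up to 8 positions.
    return [int.from_bytes(digest[4 * i:4 * i + 4], "big") % M_BITS
            for i in range(K_HASHES)]

def build_filter(public_keys):
    """Client side: fold every locally available public key into one bit field."""
    bits = 0
    for blob in public_keys:
        for pos in _positions(blob):
            bits |= 1 << pos
    return bits.to_bytes(M_BITS // 8, "big")

def candidate_keys(filter_bytes, authorized_keys):
    """Server side: authorized keys whose bit positions are all set.

    A Bloom filter has no false negatives but can have false positives,
    so a hit is only a hint; the client must still complete ordinary
    public key authentication for the key the server picks.
    """
    bits = int.from_bytes(filter_bytes, "big")
    return [blob for blob in authorized_keys
            if all((bits >> pos) & 1 for pos in _positions(blob))]

# Constructed sample data: placeholder strings standing in for key blobs.
CLIENT_KEYS = [b"constructed-client-key-%d" % i for i in range(10)]
AUTHORIZED_KEYS = [b"constructed-server-only-key", CLIENT_KEYS[7]]

if __name__ == "__main__":
    flt = build_filter(CLIENT_KEYS)
    hits = candidate_keys(flt, AUTHORIZED_KEYS)
    print(len(flt), "byte filter;", len(hits), "candidate key(s)")
```

The more keys the server has to test against the filter, the more false positives it should expect for a given filter size.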