can compression be safely used with SSH?

Damien Miller djm at
Mon Dec 1 08:22:53 EST 2014

On Sun, 30 Nov 2014, Philippe Cerfon wrote:

> > It's theoretically possible to force a rekeying after authentication
> > with new options, but this is slow: several client/server round-trips
> > plus the potentially very slow key exchange crypto. IMO it's too slow
> > and confusing to be worth implementing.
> Would it be difficult to implement? I guess it's the only clean way
> then to restrict compression to certain users (if killing the
> connection isn't an option).
> And the slowness would probably not really matter, since it's only
> necessary to work like that, when being used in a Match section, which
> most people will never do.
> Shall I open a wishlist ticket about that?

Sure, if you like. As I said though, I don't plan on working on it but
someone else might think it worthwhile.


More information about the openssh-unix-dev mailing list