can compression be safely used with SSH?

Philippe Cerfon philcerf at gmail.com
Sun Nov 23 05:19:29 EST 2014


Hello.

>Even if delayed compression is only activated after authentication,
>the fact that delayed compression will be used has already been
>negotiated before authentication and can't be changed retroactively.

Couldn't the server simply abort a connection in the case that it sees
that the negotiated compression algorithm doesn't fit, once the user
is determined?
Bailing out with some error message, before the client could have done anything.

This is perhaps not the cleanest way, but in practice it should do
quite well, and the same could possibly be done to allow many other
directives to be used inside Match, for which this is currently
impossible.
One could for example restrict certain authentication methods (or
their options) to certain users/groups.

Regards,
Philippe


More information about the openssh-unix-dev mailing list