can compression be safely used with SSH?
Philippe Cerfon
philcerf at gmail.com
Sun Nov 30 16:28:21 EST 2014
> Killing the connection if the client suggests the wrong option is
> quite hostile to the user. I don't think we'd want that.
>
> It's theoretically possible to force a rekeying after authentication
> with new options, but this is slow: several client/server round-trips
> plus the potentially very slow key exchange crypto. IMO it's too slow
> and confusing to be worth implementing.
Would it be difficult to implement? I guess it's the only clean way
then to restrict compression to certain users (if killing the
connection isn't an option).
And the slowness would probably not really matter, since it's only
necessary to work like that, when being used in a Match section, which
most people will never do.
Shall I open a wishlist ticket about that?
Thanks,
Philippe
More information about the openssh-unix-dev
mailing list