Why hostkeys-00 at openssh.com is following user authentication?
Alon Bar-Lev
alon.barlev at gmail.com
Thu Dec 24 02:13:16 AEDT 2015
Hello,
This hostkeys extension is great, reading[1]:
"""
OpenSSH supports a protocol extension allowing a server to inform a
client of all its protocol v.2 host keys after user-authentication has
completed.
"""
I wonder, why should user authentication be completed before this
functionality is available? This means that ssh-keyscan tool (for
example) cannot take advantage of the functionality.
The only reason I could think of (apart of sshd internal
implementation ordering) is to avoid cpu load attack of anonymous
clients forcing server to perform expensive operations.
However, a similar attack can be achieved by multiple connections and/or re-kex.
In sshd.c I see hostkeys-00 at openssh.com sent before calling
do_authenticated(), so I even more curios.
Thanks!
Alon Bar-Lev.
[1] https://github.com/openssh/openssh-portable/blob/master/PROTOCOL#L284
More information about the openssh-unix-dev
mailing list