[Patch] TCP MD5SIG for OpenSSH

Alex Bligh alex at alex.org.uk
Fri Jan 15 19:48:02 AEDT 2016


On 14 Jan 2016, at 08:20, Thomas ☃ Habets <habets at google.com> wrote:

> The socket option is enabled *after* connection establishment, thus
> doesn't protect against SYN floods. This is because the server doesn't
> know (in userspace) what the address of the peer is until they
> connect. Again because signed addresses.

So could they exchange a secret as part of the session, obviating
the need for any setup?

-- 
Alex Bligh






More information about the openssh-unix-dev mailing list