can compression be safely used with SSH?
Damien Miller
djm at mindrot.org
Mon Dec 1 08:22:53 EST 2014
On Sun, 30 Nov 2014, Philippe Cerfon wrote:
> > It's theoretically possible to force a rekeying after authentication
> > with new options, but this is slow: several client/server round-trips
> > plus the potentially very slow key exchange crypto. IMO it's too slow
> > and confusing to be worth implementing.
>
> Would it be difficult to implement? I guess it's the only clean way
> then to restrict compression to certain users (if killing the
> connection isn't an option).
> And the slowness would probably not really matter, since it's only
> necessary to work like that, when being used in a Match section, which
> most people will never do.
>
> Shall I open a wishlist ticket about that?
Sure, if you like. As I said though, I don't plan on working on it but
someone else might think it worthwhile.
-d
More information about the openssh-unix-dev
mailing list