[Patch] TCP MD5SIG for OpenSSH
Alex Bligh
alex at alex.org.uk
Fri Jan 15 23:45:41 AEDT 2016
On 15 Jan 2016, at 11:27, Malcolm <opensshdev at r.paypc.com> wrote:
> Quoting Alex Bligh <alex at alex.org.uk>:
>
>> So could they exchange a secret as part of the session, obviating
>> the need for any set up?
>
> If by set up, you mean "the rest of the SSH authentication", then surely not.
> MD5 pre-shared secrets are probably fine for "port-knocking" or even
> RST-proofing purposes, but not for authenticating SSH sessions to servers.
No, not at all. I meant obviating the need for separately presharing
an MD5SIG key. Clearly this is additional to the existing authentication
and encryption and not in any way a substitution. It's designed to
prevent (e.g.) RST attacks.
--
Alex Bligh