Hi!

> Because passphrase-less hostkeys are 'encrypted' with cipher "none"
> the code for this cipher is always compiled into the programs. This
> way the client is free to choose "none" and no server will complain.

And what? A malicious ssh client can make a non-encrypted connection. But a malicious ssh client can also send a carbon copy of all communication to www.cia.org:5000! There's no way to protect from malicious ssh clients...

> The current version OpenSSH-1.2.1 is not vulnerable. The obvious

...and I don't see why this is called a vulnerability.

Pavel
--
I'm pavelat_private "In my country we have almost anarchy and I don't care."
Panos Katsaloulis describing me w.r.t. patents me at discussat_private
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:21:02 PDT