Date: Sun, 27 Feb 2000 01:22:33 -0800 (PST)
From: Kris Kennaway <kris@FreeBSD.org>
To: Doug White <dwhite@resnet.uoregon.edu>
Cc: Bjoern Groenvall <bg@sics.se>, "Jordan K. Hubbard" <jkh@zippy.cdrom.com>, current@FreeBSD.ORG, markm@FreeBSD.ORG
Subject: Re: OpenSSH /etc patch
Message-ID: <Pine.BSF.4.21.0002270120410.40414-100000@freefall.freebsd.org>
In-Reply-To: <Pine.BSF.4.21.0002270102300.63350-100000@resnet.uoregon.edu>

On Sun, 27 Feb 2000, Doug White wrote:

> > I don't follow you - if no host key is generated, then you can't ever use
> > the RSA-rhosts authentication mechanism to log into another server until
> > you do. Thus part of ssh's functionality is broken until you generate that
> > key, so we do it for you the first time you boot.
>
> I was under the impression that host keys are exchanged before the
> authentication type is selected, so a) the identity of the remote is
> compared to known_hosts and reacted to accordingly, and b) the remainder
> of the session is encrypted no matter what auth type (so, i.e., the
> password is encrypted if RSA keys are not used).

That's what I actually thought too, but the comment in the source argues
otherwise. I confess I don't know all that much about the SSH encryption
protocols in detail.

Kris

----
"How many roads must a man walk down, before you call him a man?"
"Eight!"
"That was a rhetorical question!"
"Oh..then, seven!" -- Homer Simpson

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message