Date: Sun, 27 Feb 2000 01:22:33 -0800 (PST)
From: Kris Kennaway
To: Doug White
Cc: Bjoern Groenvall, "Jordan K. Hubbard", current@FreeBSD.ORG, markm@FreeBSD.ORG
Subject: Re: OpenSSH /etc patch

On Sun, 27 Feb 2000, Doug White wrote:

> > I don't follow you - if no host key is generated, then you can't ever use
> > the RSA-rhosts authentication mechanism to log into another server until
> > you do. Thus part of ssh's functionality is broken until you generate that
> > key, so we do it for you the first time you boot.
>
> I was under the impression that host keys are exchanged before the
> authentication type is selected, so a) the identity of the remote is
> compared to known_hosts and reacted to accordingly, and b) the remainder
> of the session is encrypted no matter what auth type (so, i.e., the
> password is encrypted if RSA keys are not used).

That's what I actually thought too, but the comment in the source argues
otherwise. I confess I don't know all that much about the SSH encryption
protocols in detail.

Kris

----
"How many roads must a man walk down, before you call him a man?"
"Eight!"
"That was a rhetorical question!"
"Oh..then, seven!" -- Homer Simpson