Hi!
> Because passphrase-less hostkeys are 'encrypted' with cipher "none"
> the code for this cipher is always compiled into the programs. This
> way the client is free to choose "none" and no server will complain.
And what? A malicious ssh client can make a non-encrypted connection. But
a malicious ssh client can also send a carbon copy of all communication to
www.cia.org:5000! There's no way to protect from malicious ssh
clients...
> The current version OpenSSH-1.2.1 is not vulnerable. The obvious
...and I don't see why this is called a vulnerability.
Pavel
--
I'm [EMAIL PROTECTED] "In my country we have almost anarchy and I don't care."
Panos Katsaloulis describing me w.r.t. patents me at [EMAIL PROTECTED]