On Fri, Mar 24, 2006 at 04:28:03PM +0100, Bas Wijnen delighted us with the following words:
> The easy part is that the system doesn't have access to the encryption keys.
> If the ssh public key was transferred to the user via a separate channel, the
> system cannot snoop the connection. That's because the user code does the
> decryption, the system code only transports the encrypted data.

Well, in current ssh, the session private key is a system-global one, and I don't know the real process, but this can't work if the current ssh clients first handshake on a way to encrypt the session and after that is when the client gives the username and password.

I mean, when the user server gets the connection, it is already encrypted, so unless a re-negotiation of session encryption takes place, any of the programs that handled that connection cap. to the user server could be snooping on it... am I wrong?

Read you,
  Lluis

--
 "And it's much the same thing with knowledge, for whenever you learn
 something new, the whole world becomes that much richer."
 -- The Princess of Pure Reason, as told by Norton Juster in The Phantom
 Tollbooth

Listening: Van Halen (The Best Of Both Worlds) - 09. Pista 09

_______________________________________________
L4-hurd mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/l4-hurd
