https://bugzilla.mindrot.org/show_bug.cgi?id=3693
--- Comment #4 from renmingshuai <[email protected]> --- (In reply to Damien Miller from comment #3) > I'm still not understanding. How is this an exploit? This looks like > something the user has configured themselves. This is really user configured themselves. The user write the expect script to interact with the sftp. The direct cause of this problem is that the expect script incorrectly matches the keyword from banner message. Is the client allowed to provide an new option to allow user to explicitly disable the display of banners from the server? This is in accordance with section 5.4 of rfc4252. If it's allowed, I can provide the new option. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. _______________________________________________ openssh-bugs mailing list [email protected] https://lists.mindrot.org/mailman/listinfo/openssh-bugs
