* Michael Richardson <m...@sandelman.ca> [24.12.2015 22:14]: > 2) if the user is "used" to a key mismatch, and they type their password in, > the password has just been compromised.
this is indeed true for IPv6/linklocal > A better approach is that the ssh daemon should start, open port 22, and then > do SSHv2 transport mode up to the key-exchange, and then just respond to > keep alives, ideally with a message to "Please stand by", if we can find > a way to do that in-protocol. (wow. it's been 18 years since I worked at > ssh...) this is very interesting. i'am not sure how big this impact is to the dropbear codebase, but i like it. thanks for your feedback. bye, bastian _______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel