[EMAIL PROTECTED] on 2000.07.07 13:13:00
>Do you mean that the SSH client program should set those? It'd be trivial
>to cause the client to transmit whatever was desired for those variables,
>so they couldn't be used for security checks by the server.
Yes, but I would qualify your statement to be "It'd be trivial for those with
SSH source (and programming knowledge or SSH protocol comprehension) to cause
the client to transmit whatever was desired for those variables.
>But the SSH server setting those variables when it fires up the user's
>shell, that could have some interesting applications where security isn't
>a major deal.
Exactly. In our environment, I would be 99.99% sure (I can only trust the
sysadmins so much, but then again, they won't have any valid keys) that noone
has tampered with the client.
Noel
This communication is for informational purposes only. It is not intended as
an offer or solicitation for the purchase or sale of any financial instrument
or as an official confirmation of any transaction. All market prices, data
and other information are not warranted as to completeness or accuracy and
are subject to change without notice. Any comments or statements made herein
do not necessarily reflect those of J.P. Morgan & Co. Incorporated, its
subsidiaries and affiliates.
