IETF-SSH archive


Re: [saag] draft-kwatsen-reverse-ssh submission for review



> I'm a server if I listen on the ssh port.  On that port you should
> indicate or negotiate specifics of each side's behavior in-band IMO.

This sounds like a reasonable point of view to me.

If your reversed ssh runs kex with roles reversed (i.e., connection
initiator takes the server's role, presenting its host key and such),
then a passive snooper can tell the difference, so you might as well
trigger the role reversal with a pre-kex extension packet.

If your reversed ssh runs kex normally (initiator takes the client's
role) but reverses things after that, then you can do it with an
extension packet immediately after kex (before, and/or instead of, what
would normally be userauth).

/~\ The ASCII				  Mouse
\ / Ribbon Campaign
 X  Against HTML		mouse%rodents-montreal.org@localhost
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
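
[Added illustration, not part of the message above or of the draft. The Python model below builds RFC 4253 binary packets for an ordinary SSH transport exchange and for the two reversal designs the message describes, then shows what a passive tap can see. Assumptions: the role-reversal extension is given the hypothetical message number 200 (the draft's actual encoding is not quoted here); the host key, DH values and signature are placeholder strings; the version-exchange strings and MAC are omitted; the only encryption effect modelled is that each side's packets become opaque after that side's NEWKEYS.]

```python
import os
import struct

# Message numbers from RFC 4253 section 12.
SSH_MSG_SERVICE_REQUEST = 5
SSH_MSG_KEXINIT = 20
SSH_MSG_NEWKEYS = 21
SSH_MSG_KEXDH_INIT = 30
SSH_MSG_KEXDH_REPLY = 31
# Hypothetical number for the role-reversal extension packet. This is an
# assumption for the model; 192..255 is RFC 4251's local-extension range.
SSH_MSG_ROLE_REVERSE = 200

INITIATOR, RESPONDER = "I", "R"   # I opened the TCP connection, R was listening


def ssh_string(b: bytes) -> bytes:
    return struct.pack(">I", len(b)) + b


def frame(payload: bytes, block: int = 8) -> bytes:
    """RFC 4253 section 6 binary packet: packet_length, padding_length, payload, random padding."""
    padlen = block - (5 + len(payload)) % block
    if padlen < 4:
        padlen += block
    return struct.pack(">IB", 1 + len(payload) + padlen, padlen) + payload + os.urandom(padlen)


def kexinit() -> bytes:
    lists = [b"diffie-hellman-group14-sha256", b"ssh-ed25519", b"aes128-ctr", b"aes128-ctr",
             b"hmac-sha2-256", b"hmac-sha2-256", b"none", b"none", b"", b""]
    return (bytes([SSH_MSG_KEXINIT]) + os.urandom(16) + b"".join(map(ssh_string, lists))
            + b"\x00" + b"\x00\x00\x00\x00")   # first_kex_packet_follows, reserved


def kexdh_reply() -> bytes:
    # Host key, f and signature are placeholders; no DH is actually run in this model.
    return bytes([SSH_MSG_KEXDH_REPLY]) + b"".join(map(ssh_string, [b"hostkey", b"f", b"sig"]))


def service_request() -> bytes:
    return bytes([SSH_MSG_SERVICE_REQUEST]) + ssh_string(b"ssh-userauth")


def kex(server: str) -> list:
    """Key exchange in which `server` presents the host key and the other side is the client."""
    client = RESPONDER if server == INITIATOR else INITIATOR
    return [(INITIATOR, kexinit()), (RESPONDER, kexinit()),
            (client, bytes([SSH_MSG_KEXDH_INIT]) + ssh_string(b"e")),
            (server, kexdh_reply()),
            (client, bytes([SSH_MSG_NEWKEYS])), (server, bytes([SSH_MSG_NEWKEYS]))]


def exchange(option: str) -> list:
    """(sender, payload) sequence for ordinary SSH and for the two reversal designs."""
    if option == "normal":
        return kex(server=RESPONDER) + [(INITIATOR, service_request())]
    if option == "reverse-at-kex":      # pre-kex extension packet, then kex with roles swapped
        return ([(INITIATOR, bytes([SSH_MSG_ROLE_REVERSE]))] + kex(server=INITIATOR)
                + [(RESPONDER, service_request())])
    if option == "reverse-after-kex":   # normal kex, extension packet where userauth would begin
        return kex(server=RESPONDER) + [(INITIATOR, bytes([SSH_MSG_ROLE_REVERSE]))]
    raise ValueError(option)


def on_wire(msgs: list) -> list:
    """What a passive tap records: each side's packets become opaque after that side's NEWKEYS."""
    sealed = {INITIATOR: False, RESPONDER: False}
    capture = []
    for sender, payload in msgs:
        pkt = frame(payload)
        capture.append((sender, os.urandom(len(pkt)) if sealed[sender] else pkt))
        if payload[0] == SSH_MSG_NEWKEYS:
            sealed[sender] = True
    return capture


def observe(capture: list) -> dict:
    """Snooper's view: message numbers of cleartext packets, and who sent KEXDH_REPLY (the host key)."""
    sealed = {INITIATOR: False, RESPONDER: False}
    visible, host_key_from = [], None
    for sender, pkt in capture:
        if sealed[sender]:
            visible.append((sender, None))   # encrypted: only direction and length are visible
            continue
        msg = pkt[5]                         # first payload byte is the message number
        visible.append((sender, msg))
        if msg == SSH_MSG_KEXDH_REPLY:
            host_key_from = sender
        if msg == SSH_MSG_NEWKEYS:
            sealed[sender] = True
    return {"host_key_from": host_key_from, "visible": visible}


if __name__ == "__main__":
    for opt in ("normal", "reverse-at-kex", "reverse-after-kex"):
        print(opt, observe(on_wire(exchange(opt))))
```

Running it shows the point of the message: with "reverse-at-kex" the tap sees KEXDH_REPLY (and so the host key) coming from the connection initiator, plus a cleartext packet it cannot attribute to standard SSH before KEXINIT, so the reversal is visible whether or not an explicit pre-kex packet is sent. With "reverse-after-kex" the cleartext message sequence is identical to an ordinary connection, because the extension packet travels under the negotiated keys where userauth would otherwise start.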


