IETF-SSH archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: [saag] draft-kwatsen-reverse-ssh submission for review
> I'm a server if I listen on the ssh port. On that port you should
> indicate or negotiate specifics of each side's behavior in-band IMO.
This sounds like a reasonable point of view to me.
If your reversed ssh runs kex with roles reversed (ie, connection
initiator takes the server's role, presenting its host key and such),
then a passive snooper can tell the difference, so you might as well
trigger the role reversal with a pre-kex extension packet.
If your reversd ssh runs kex normally (initiator takes the client's
role) but reverses things after that, then you can do it with an
extension packet immediately after kex (before, and/or instead of, what
would normally be userauth).
/~\ The ASCII Mouse
\ / Ribbon Campaign
X Against HTML mouse%rodents-montreal.org@localhost
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
Home |
Main Index |
Thread Index |
Old Index