On Sun, 27 Feb 2000, Doug White wrote:

> > I don't follow you - if no host key is generated, then you can't ever use
> > the RSA-rhosts authentication mechanism to log into another server until
> > you do. Thus part of ssh's functionality is broken until you generate that
> > key, so we do it for you the first time you boot.
> 
> I was under the impression that host keys are exchanged before the
> authentication type is selected, so a) the identity of the remote is
> compared to known_hosts and reacted to accordingly, and b) the remainder
> of the session is encrypted no matter what auth type (so, i.e., the
> password is encrypted if RSA keys are not used).

That's what I actually thought too, but the comment in the source argues
otherwise. I confess I don't know all that much about the SSH encryption
protocols in detail.

Kris

----
"How many roads must a man walk down, before you call him a man?"
"Eight!"
"That was a rhetorical question!"
"Oh..then, seven!" -- Homer Simpson


