Re: On why debugging OpenSSH can be so hard
- From: Tonnerre Lombard <tonnerre.lombard@xxxxxxxxxx>
- Date: Fri, 4 Jul 2008 08:57:41 +0200
Salut, Maurice,
On Tue, 1 Jul 2008 16:02:46 -0400, Maurice Volaski wrote:
It turns out it was intentionally presenting me with misinformation.
You see, there was no key file present where it was looking. I
thought it was looking in one place, but it was actually looking in
another.
Fail quietly, indeed! It's not simply doing this under ordinary
operation, but even in debug operation, even under debug level 3. In
the perfect place where it can tell us quite informatively what's
about to go wrong--there is nothing!
So in case you're wondering why debugging OpenSSH can be so hard, now
you know.
Please bear in mind that in the world of cryptography, the difference
between proper error messages and information disclosure
vulnerabilities is narrow, or only a nuance.
Tonnerre
--
SyGroup GmbH
Tonnerre Lombard
Solutions Systematiques
Tel:+41 61 333 80 33 Güterstrasse 86
Fax:+41 61 383 14 67 4053 Basel
Web:www.sygroup.ch tonnerre.lombard@xxxxxxxxxx
Attachment:
signature.asc
Description: PGP signature
- Follow-Ups:
- Re: On why debugging OpenSSH can be so hard
- From: Derek Martin
- Re: On why debugging OpenSSH can be so hard
- From: Maurice Volaski
- Re: On why debugging OpenSSH can be so hard
- References:
- On why debugging OpenSSH can be so hard
- From: Maurice Volaski
- On why debugging OpenSSH can be so hard
- Prev by Date: Re: Enforce Passphrase on keys
- Next by Date: Help with "Go away, you don't exist" error message
- Previous by thread: On why debugging OpenSSH can be so hard
- Next by thread: Re: On why debugging OpenSSH can be so hard
- Index(es):
