> > ssh2.c blindly sends out the password;
> Big difference. Did you look at the kbdint RFC?
Yes. Did you look at ssh2.c? It blindly sends the password *for
keyboard-interactive*; my patch basically copies what it does. I'm not
saying that password and keyboard-interactive should be treated the
same way; this is clearly wrong. I am saying the libssh2 examples
should be consistent with each other.
> Or just use publickey and get decent security at the same time.
Absolutely. However, I just started looking into libssh2 and my
primary interest at this point is a proof-of-concept to make sure
things work for my use case, not to get everything perfect the first
go-around.
> I think an error message would already be a big improvement.
Sure.
_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
Received on 2010-04-21
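
An added example (not from this thread and not libssh2's own example code) of the alternative to blindly sending the password for keyboard-interactive: answer only when the server asks a single question with echo disabled, and print an error otherwise. The structs are local stand-ins modelled on libssh2's keyboard-interactive prompt/response structs; the name `kbd_answer`, the -1 return convention and the sample prompts are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Local stand-ins modelled on libssh2's kbdint prompt/response structs
 * (assumption: simplified so the example builds without libssh2). */
struct kbd_prompt   { const char *text; unsigned int length; unsigned char echo; };
struct kbd_response { char *text; unsigned int length; };

/* Hypothetical helper: fill responses[0] only when the server sends exactly
 * one prompt with echo disabled (the usual shape of a password prompt).
 * Returns 0 on success, -1 if the password was withheld.
 * On success responses[0].text is a heap copy owned by the caller. */
static int kbd_answer(int num_prompts, const struct kbd_prompt *prompts,
                      struct kbd_response *responses, const char *password)
{
    if (num_prompts == 0)
        return 0; /* RFC 4256 allows requests with no prompts: nothing to send */
    if (num_prompts != 1 || prompts[0].echo) {
        fprintf(stderr, "kbdint: not sending password: %d prompt(s)%s\n",
                num_prompts, num_prompts == 1 ? ", echo requested" : "");
        for (int i = 0; i < num_prompts; i++)
            fprintf(stderr, "  prompt %d: %.*s\n", i,
                    (int)prompts[i].length, prompts[i].text);
        return -1;
    }
    size_t n = strlen(password);
    responses[0].text = malloc(n + 1);
    if (!responses[0].text)
        return -1;
    memcpy(responses[0].text, password, n + 1);
    responses[0].length = (unsigned int)n;
    return 0;
}

int main(void)
{
    /* Constructed sample prompts, not captured from a real server */
    struct kbd_prompt pw = { "Password: ", 10, 0 };
    struct kbd_prompt otp[2] = { { "Password: ", 10, 0 }, { "Token: ", 7, 1 } };
    struct kbd_response r[2] = { { NULL, 0 }, { NULL, 0 } };
    printf("single no-echo prompt -> %d\n", kbd_answer(1, &pw, r, "s3cret"));
    free(r[0].text);
    r[0].text = NULL;
    printf("two prompts -> %d\n", kbd_answer(2, otp, r, "s3cret"));
    return 0;
}
```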