How do you disable ssh1 protocol with the current ssh on potato ?> ..Craig
-----Original Message----- From: Daniel Polombo [mailto:[EMAIL PROTECTED]] Sent: Monday, January 14, 2002 2:45 PM To: Iain Tatch Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: Don't panic (ssh) Iain Tatch wrote: > >>AFAIK, all SSH1 connections are vulnerable to the CRC32 attack. Thus you need >>to use SSH2 protocol. OpenSSH supports SSH2. You need different keys though, >>as SSH2 so far does not support RSA keypairs and needs DSA keys. >> > That's the impression I was under, too. In which case the current stable > release of Debian comes with an sshd which uses protocol 1 and is > therefore open to allowing remote root compromises. Just a quick precision here : you have to _disable_ v1 in order to be protected from that vulnerability. The point here is not that you have to support v2, it's that you have to disallow v1. A recent daemon allowing ssh1 connections is vulnerable. -- Daniel -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
