On Thu, 18 Jan 2001, Nate Amsden wrote: > Benjamin Pharr wrote: > > While logging into my Debian box using ssh I noticed that it is setup to > > use SSH version 1 by default. This protocol is widely known to have > > security problems. Does anyone know why Debian is still using it? Below I > > have pasted a link from the official ssh.org FAQ. > > and which security "problems" are you referring to? i read every bugtraq
ssh protocol v1. is extremely braindamaged, in the sense that it uses constant signed authenticators for a given set of endpoints (and maybe users, I don't recall). At least, that's what I could get from the available discussions on the issue in the security foruns (see the slashdot 'articles' for links to them, I don't recall the URLs). A sucessfull MIDM attack against ssh protocol 1 gives you access to the target machine forever. The same attack against ssh protocol 2 gives you access only if you hijack that (ongoing) connection, or if you manage to futher compromise the target's security (install a trojan, capture a password, etc). So, yes, ssh v1 is indeed MUCH worse than ssh v2. They're still unsafe unless you deploy a PKI structure to have the server's public keys available (and also known not to be tampered) to the users before first connection. All the the other common issues when dealing with public-key crypto need to be addressed as well. -- "One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie." -- The Silicon Valley Tarot Henrique Holschuh
pgps05Nh7HuyV.pgp
Description: PGP signature