it was said: > I think what you are saying is that if you use PuTTY as a client > application that you should be concerned about what server you > connect to? From what you are saying, I suspect that if the only > use is to connect to your own (FreeBSD) server, you are probably ok? > > Jay O'Brien
Hello, To quote from the link: In SSH2, an attacker impersonating a trusted host can launch an attack before the client has the ability to determine the difference between the trusted and fake host. This attack is performed before host key verification. Presuming one were connecting over "private" network IP space by IP address only, then I believe you are correct. I can imagine scenarios in which if one were to connect over the Internet or even into a different network segment using DNS that one would be at risk. The vendor has a patched the hole and released 0.55, recommending all users update. If I were using this software, I would take their advice. Note: Apparently, a "Unix" version exists, and the source code is available under the MIT Licence. So I guess my post was "completely" OT. HTH, Stheg __________________________________ Do you Yahoo!? Y! Messenger - Communicate in real time. Download now. http://messenger.yahoo.com _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"