On 21/05/15 21:31, Daniel Zahn wrote:
> Finding the right balance between security and supporting older
> clients can sometimes be tough, so sorry for any possible inconvenience
> caused and let us know if any other issues that can't be solved by
> upgrading clients.
>
> Best regards,
> Daniel

Thanks for your work into safe ciphers, Daniel.

Is the list of compatible ssh clients after all such cipher stripping
documented somewhere?

Also, I take the opportunity of warning everyone that there are
trojanized putty versions out there¹ that send out the user credentials
to the Bad Guys (not a risk for labs, but the same ssh client may be
used for other servers where passphrase authentication *is* enabled).

The official PuTTY web page is at
http://www.chiark.greenend.org.uk/~sgtatham/putty/ with putty.zip 0.64
sha256 being
ff7a0bde4008208a5e30097336c5a41a4ae99fb097839c01ca74cbff19cbe666

Needless to say, PuTTY users should be using the last version (0.64,
released 2015-02-28), there are several crashes prior to 0.63 and
although 0.64 does not really have big fixes (albeit the default of
allowing a SSH-1 downgrade is a bit scary), there's little reason for
not upgrading.

(I am assuming *nix users don't need to be reminded about using an
updated client… Mac OS users maybe?)

Have a safe ssh connection!

¹ http://blogs.cisco.com/security/trojanized-putty-software
http://www.symantec.com/connect/blogs/check-your-sources-trojanized-open-source-ssh-software-used-steal-information
_______________________________________________
Labs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/labs-l
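
Checking a download against a published digest, such as the putty.zip 0.64 SHA-256 quoted in the message above, shown as an added example that is not part of the original e-mail or of PuTTY. The function names and the sample file are constructed for illustration, and the check is only meaningful when the digest was obtained from a source other than the one that served the download.

```python
import hashlib
import hmac
import os
import re
import tempfile

# SHA-256 quoted in the message above for putty.zip 0.64.
PUTTY_064_ZIP_SHA256 = "ff7a0bde4008208a5e30097336c5a41a4ae99fb097839c01ca74cbff19cbe666"

def normalize_digest(text):
    # Accept pasted forms: upper case, stray whitespace, "digest  filename".
    token = (text.split() or [""])[0].lower()
    if not re.fullmatch(r"[0-9a-f]{64}", token):
        raise ValueError("not a SHA-256 hex digest: %r" % text)
    return token

def sha256_file(path, chunk_size=1 << 20):
    # Stream the file so large downloads are not read into memory at once.
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def verify_download(path, expected):
    # True only when the file's digest equals the expected one.
    return hmac.compare_digest(sha256_file(path), normalize_digest(expected))

def demo():
    # Constructed stand-in file; the real putty.zip is not bundled here.
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "putty.zip")
        with open(path, "wb") as fh:
            fh.write(b"constructed sample bytes, not PuTTY")
        own = sha256_file(path)
        results = {
            "own_digest": verify_download(path, own.upper() + "  putty.zip\n"),
            "pinned_putty_digest": verify_download(path, PUTTY_064_ZIP_SHA256),
        }
        with open(path, "ab") as fh:
            fh.write(b"\x00")  # a single changed byte must fail the check
        results["after_modification"] = verify_download(path, own)
    return results

if __name__ == "__main__":
    for name, ok in demo().items():
        print(name, "OK" if ok else "MISMATCH")
```

For a real download, call `verify_download("putty.zip", PUTTY_064_ZIP_SHA256)` and discard the file if it returns `False`.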