Difference between ssh1 ssh2 ssh3 3.0.2
Hello all, Can anyone tell the major differences between ssh1 ssh2 ssh3 3.0.2 , etc. Why would I want one as apposed to the other? What are some of the gotchas associated with these? Is one more secure? Are they all interoperable? Has any one broke through ssh1 or ssh2 yet? Or is it just the possibility? Thanks, ---Dean.
Re: Difference between ssh1 ssh2 ssh3 3.0.2
On Fri, Feb 01, 2002 at 03:46:29AM -0800, Dean Roman wrote: Can anyone tell the major differences between ssh1 ssh2 ssh3 3.0.2 , etc. There are two different issues here: SSH the protocol, and SSH the implementation. Only two major versions of the protocol exist: 1 and 2. Use 2 where possible. It is much improved over version 1, and is an IETF standards track protocol. Regarding implementations, there are more issues. The version of ssh in potato is an older version of OpenSSH that supports only protocol version 1. There is also the 'ssh-nonfree' package. It also only implements protocol version 1. Personally, I think these names are misleading. We have essentially renamed OpenSSH to ssh in Debian. In woody we have OpenSSH 2.5.1. It implements SSH protocols 1 and 2. The same holds true for OpenSSH 3.whatever that's in sid right now. Presumable OpenSSH 3.x is better, or else it wouldn't have been released. However, it's also newer and not as well tested (that's part of why it doesn't exist in woody yet). So there may be issues with it. Why would I want one as apposed to the other? You want to use SSH *protocol* version 2. I don't know that version 1 has actually been cracked, but the potential is there; there are proven cryptographic weaknesses in the protocol. OpenSSH 2.x and 3.x are capable of using version 1 of the protocol, which may be necessary if you need to interoperate with an implementation that only supports protocol version 1. noah -- ___ | Web: http://web.morgul.net/~frodo/ | PGP Public Key: http://web.morgul.net/~frodo/mail.html pgp44Wo01gKsP.pgp Description: PGP signature
Re: Difference between ssh1 ssh2 ssh3 3.0.2
On Fri, 1 Feb 2002 15:01:26 -0500 Noah Meyerhans [EMAIL PROTECTED] wrote: On Fri, Feb 01, 2002 at 03:46:29AM -0800, Dean Roman wrote: [snip] In woody we have OpenSSH 2.5.1. It implements SSH protocols 1 and 2. The same holds true for OpenSSH 3.whatever that's in sid right now. Presumable OpenSSH 3.x is better, or else it wouldn't have been released. However, it's also newer and not as well tested (that's part of why it doesn't exist in woody yet). So there may be issues with it. OpenSSH 3.0.2p1-4 is in woody. http://packages.debian.org/testing/non-us/ssh.html -- ++ | Ron Johnson, Jr.Home: [EMAIL PROTECTED]| | Jefferson, LA USA http://ronandheather.dhs.org:81| || ! Great Inventors of our time: | !Al Gore - Internet | !Sun Microsystems - Clusters| ++
SSH1 - SSH2 Connectivity
Hello all, I have succesfully installed the debian package for ssh2 (and sshd2) and it works marvellously. The only problem I'm having is that I'm supposed to connect to some machines that are running sshd1 and I get an Illegal protocol version error... How can I work around this problem? Any help is more than welcomed! Thanks. -- From the hands of - dansan - -- Not everything that can be counted counts, and not everything that counts can be counted. -- Albert Einstein
Re: SSH1 - SSH2 Connectivity
First install a ssh1 package (I think the ssh package is it), then do the following (from /usr/share/doc/ssh2/SSH2.QUICKSTART.gz): Then add the following 2 lines to ssh2_config placed at the same directory of sshd2_config. With this configuration, ssh2 client will invoke ssh1 client when contacting SSH1 server. Ssh1Compatibility yes Ssh1Path/usr/local/bin/ssh1 Replace /usr/local/bin with the directory where you installed ssh1 client. Consult the manual pages of sshd and ssh for other configurations. Gerry On Wed, 18 Apr 2001, dansan wrote: Hello all, I have succesfully installed the debian package for ssh2 (and sshd2) and it works marvellously. The only problem I'm having is that I'm supposed to connect to some machines that are running sshd1 and I get an Illegal protocol version error... How can I work around this problem? Any help is more than welcomed! Thanks. -- From the hands of - dansan - -- Not everything that can be counted counts, and not everything that counts can be counted. -- Albert Einstein -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
ssh1-ssh2
In potato I would like to have ssh2 with ssh1 compatibility. I installed ssh-nonfree for ssh1, also installed ssh2, and set in /etc/ssh2_config the option Ssh1AgentCompatibility to traditional.Both daemons were fired up by the installer, and they are now running simultaneously. Is this right? The situation now is that two potato PC-s having both ssh1 and 2 refuse to link up by ssh2, the error msg being Incorrect protocol version However, they accept ssh1 connection from each other. If anyone has an idea how to revive ssh2, please let me know. Geza Gyorgyi Eotvos University, Budapest, Pf. 32, 1518 HUNGARY [EMAIL PROTECTED]
RE: ssh1-ssh2
Better yet, install openssh. it has both sshv1 and sshv2 support. http://www.openssh.com Jason In potato I would like to have ssh2 with ssh1 compatibility. I installed ssh-nonfree for ssh1, also installed ssh2, and set in /etc/ssh2_config the option Ssh1AgentCompatibility to traditional.Both daemons were fired up by the installer, and they are now running simultaneously. Is this right? The situation now is that two potato PC-s having both ssh1 and 2 refuse to link up by ssh2, the error msg being Incorrect protocol version However, they accept ssh1 connection from each other. If anyone has an idea how to revive ssh2, please let me know. Geza Gyorgyi Eotvos University, Budapest, Pf. 32, 1518 HUNGARY [EMAIL PROTECTED] -- Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] /dev/null
Re: ssh1-ssh2
Geza GYORGYI wrote: In potato I would like to have ssh2 with ssh1 compatibility. I installed ssh-nonfree for ssh1, also installed ssh2, and set in /etc/ssh2_config the option Ssh1AgentCompatibility to traditional.Both daemons were fired up by the installer, and they are now running simultaneously. Is this right? The situation now is that two potato PC-s having both ssh1 and 2 refuse to link up by ssh2, the error msg being Incorrect protocol version However, they accept ssh1 connection from each other. If anyone has an idea how to revive ssh2, please let me know. I believe that ssh2 is running on port instead of the normal port 22. (Cant have both using same port!) If you try to connect with the ssh2 client using the default port (22) then the sshd1 is going to answer and you get a protocol error. Try specifying the port. #ssh -p host dyer
RE: ssh1-ssh2
You shouldn't have sshd1 and 2 start up. Rather, you want sshd2 to start up, and call on sshd1 if someone tries to conect through this method. to do it: - clear the init.d (and or cron) scripts that start up sshd1 - open /etc/ssh2/sshd2_config - set Port to 22 - set ssh1Compatibility and sshd1 path on, as follow: Ssh1Compatibility yes Sshd1Path /usr/sbin/sshd #or wherever your sshd1 daemon is. After that you should be able to connect with both ssh1 and ssh2. -S-