Re: [gentoo-user] requirement: ssh v1
On Thu, May 16, 2019 at 6:45 AM Stefan G. Weichinger wrote: > > > At a customer we still have to keep up an ancient Suse 6.x VM, it has a > legacy and proprietary software in it which has to be kept alive. > > No way to move that sw to another OS, don't ask ... > Any chance to just attach to the VM console, or a serial console on that VM tied it back to a serial console on another host that runs modern tools, taking the SSHv1 offline? It's providing more vulnerability than it is security. -- Poison [BLX] Joshua M. Murphy
Re: [gentoo-user] requirement: ssh v1
On Thu, May 16, 2019 at 8:09 AM Michael Orlitzky wrote: > > Otherwise, your best bet is to install a modern Gentoo system, and then > downgrade OpenSSH. > ++ assuming it builds, which it probably would. I'd just stick the old ebuild in an overlay and mask out the gentoo repo for that package (I assume mask atoms can take a repo name). If the old openssh doesn't build then you're going to have a more difficult situation. A container does seem like a reasonable solution for this, if you're just doing this for the ssh client. You could also just use a chroot, though these days I have completely replaced chroots with containers as the latter are almost universally better. -- Rich
Re: [gentoo-user] requirement: ssh v1
Am 16.05.19 um 14:09 schrieb Michael Orlitzky: > On 5/16/19 6:44 AM, Stefan G. Weichinger wrote: >> >> Will I be able to install such a "kept old" gentoo machine from scratch >> or does some have a better idea? >> > > Does it *need* SSHv1, or does the default sshd *run* SSHv1? It *is* SSHv1 ... v2 didn't exist back then ;-) > If it's the latter, you might be able to compile a newer OpenSSH from > source to get the modern protocol, obviating the need for the extra host. > > Otherwise, your best bet is to install a modern Gentoo system, and then > downgrade OpenSSH. I setup a small VM with debian 8 ... seems to work. thanks, sorry for the noise
Re: [gentoo-user] requirement: ssh v1
On 5/16/19 6:44 AM, Stefan G. Weichinger wrote: > > Will I be able to install such a "kept old" gentoo machine from scratch > or does some have a better idea? > Does it *need* SSHv1, or does the default sshd *run* SSHv1? If it's the latter, you might be able to compile a newer OpenSSH from source to get the modern protocol, obviating the need for the extra host. Otherwise, your best bet is to install a modern Gentoo system, and then downgrade OpenSSH.