On Fri, Feb 09, 2001 at 12:39:48PM +1100, Adrian wrote:

> Could someone point me in the correct direction for SSH1 install rpm's?

Why not use OpenSSH?

    ftp://mirror.aarnet.edu.au/pub/openssh/portable/rpm/

Or just get the source and build it yourself.  It's not difficult. You
need to build both OpenSSL and OpenSSH.  Or, if you prefer ssh1, you
can get the source for ssh-1.2.30 from

    ftp://mirror.aarnet.edu.au/pub/ssh/

Since there was a security hole found recently (it was announced on
bugtraq this morning) in the CRC attack detection in ssh1, if
you use ssh-1.2.x (x > 24), you should apply the following patch:

--- ssh-1.2.30/deattack.c-old Wed Feb  7 19:45:16 2001
+++ ssh-1.2.30/deattack.c Wed Feb  7 19:54:11 2001
@@ -79,7 +79,7 @@
 detect_attack(unsigned char *buf, word32 len, unsigned char *IV)
 {
   static word16  *h = (word16 *) NULL;
-  static word16   n = HASH_MINSIZE / HASH_ENTRYSIZE;
+  static word32   n = HASH_MINSIZE / HASH_ENTRYSIZE;
   register word32 i, j;
   word32          l;
   register unsigned char *c;
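
Review bot: the widened declaration of n in detect_attack() carries no comment saying why its width matters, so a later cleanup could narrow it back to word16 without anyone noticing; add a short comment on the new line stating that n must match the word32 width of len, l, i and j. Separately, h on the line just above is still declared as word16 *, and the hunk does not show whether the values stored through h can exceed 16 bits once n is wider, so that is worth confirming against the rest of the function before relying on this one-line change.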



OpenSSH-2.3.0 doesn't have this bug.


Cheers,

John
--
whois [EMAIL PROTECTED]

-- 
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
