Date:      Wed, 5 Dec 2001 22:12:26 -0600
From:      Glenn Johnson <glennpj@charter.net>
To:        Ruben de Groot <ruben@1729.net>
Cc:        Henry smith <getzz11@yahoo.com>, questions@FreeBSD.ORG
Subject:   Re: upgrade SSHD?
Message-ID:  <20011206041226.GA969@gforce.johnson.home>
In-Reply-To: <007c01c17da4$04adeba0$0801a8c0@lan.1729.net>
References:  <20011205010035.11722.qmail@web21107.mail.yahoo.com> <007c01c17da4$04adeba0$0801a8c0@lan.1729.net>

On Wed, Dec 05, 2001 at 04:46:34PM +0100, Ruben de Groot wrote:

> > Right now, I'm using OpenSSH_3.0.1. Do I need to upgrade to 3.0.2 ?
>
>
> There has been a security alert about ssh protocol version 1.
>
> From the logs of my servers at work I can see there's a lot of scanning
> going on right now, so I think everybody should disable the ssh1
> protocol. You can do this by editing your /etc/ssh/sshd_config file
> and changing the line
>
> Protocol 2,1
>
> into
>
> Protocol 2
>
> You don't have to upgrade openssh for this.

I am currently using RhostsRSAAuthentication for a cluster of
workstations.  I tried to get HostbasedAuthentication to work but have
not had success.  I have HostbasedAuthentication set to yes in
sshd_config and I have the DSA host keys in ssh_known_hosts2 but it does
not work.  Here is the output of ssh -2 -v:

OpenSSH_2.9 FreeBSD localisations 20010713, SSH protocols 1.5/2.0, OpenSSL 0x0090601f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 1001 geteuid 0 anon 1
debug1: Connecting to node7.cluster.srrc.usda.gov [192.168.1.7] port 22.
debug1: temporarily_use_uid: 1001/1001 (e=0)
debug1: restore_uid
debug1: temporarily_use_uid: 1001/1001 (e=0)
debug1: restore_uid
debug1: Connection established.
debug1: read PEM private key done: type DSA
debug1: identity file /home/glenn/.ssh/id_rsa type -1
debug1: identity file /home/glenn/.ssh/id_dsa type 2
debug1: Remote protocol version 1.99, remote software version OpenSSH_2.9 FreeBSD localisations 20010713
debug1: match: OpenSSH_2.9 FreeBSD localisations 20010713 pat ^OpenSSH
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_2.9 FreeBSD localisations 20010713
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 118/256
debug1: bits set: 1059/2049
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'node7.cluster.srrc.usda.gov' is known and matches the DSA host key.
debug1: Found key in /home/glenn/.ssh/known_hosts2:1
debug1: bits set: 987/2049
debug1: len 55 datafellows 0
debug1: ssh_dss_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,password,keyboard-interactive,hostbased
debug1: next auth method to try is publickey
debug1: try privkey: /home/glenn/.ssh/id_rsa
debug1: try pubkey: /home/glenn/.ssh/id_dsa
debug1: authentications that can continue: publickey,password,keyboard-interactive,hostbased
debug1: next auth method to try is password

Any ideas what I might have wrong?

Thanks.

-- 
Glenn Johnson
glennpj@charter.net
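
Added example, not part of the original message: a Python sketch that reads an `ssh -2 -v` trace like the one above and reports the server's protocol banner plus which authentication methods the server offered and which the client actually tried. The name analyse_trace and the SAMPLE_TRACE constant are assumptions made for illustration; the trace lines are an excerpt copied from the message.

```python
import re

# Excerpt of the `ssh -2 -v` trace posted in the message above.
SAMPLE_TRACE = """\
debug1: Remote protocol version 1.99, remote software version OpenSSH_2.9 FreeBSD localisations 20010713
debug1: authentications that can continue: publickey,password,keyboard-interactive,hostbased
debug1: next auth method to try is publickey
debug1: try privkey: /home/glenn/.ssh/id_rsa
debug1: try pubkey: /home/glenn/.ssh/id_dsa
debug1: authentications that can continue: publickey,password,keyboard-interactive,hostbased
debug1: next auth method to try is password
"""

REMOTE = re.compile(r"^debug1: Remote protocol version ([\d.]+),")
OFFERED = re.compile(r"^debug1: authentications that can continue: (\S+)")
TRIED = re.compile(r"^debug1: next auth method to try is (\S+)")


def analyse_trace(text):
    """Summarise the protocol banner and the auth methods offered vs. tried."""
    remote_version, offered, tried = None, [], []
    for line in text.splitlines():
        line = line.strip()
        if m := REMOTE.match(line):
            remote_version = m.group(1)
        elif m := OFFERED.match(line):
            # The server repeats this list after every failed attempt.
            for method in m.group(1).split(","):
                if method not in offered:
                    offered.append(method)
        elif m := TRIED.match(line):
            if m.group(1) not in tried:
                tried.append(m.group(1))
    return {
        "remote_version": remote_version,
        # A banner of 1.x (including 1.99, "both protocols") means the
        # server still accepts SSH protocol 1; "Protocol 2" yields 2.0.
        "server_accepts_ssh1": remote_version is not None
        and remote_version.startswith("1."),
        "offered": offered,
        "tried": tried,
        "offered_not_tried": [m for m in offered if m not in tried],
    }


if __name__ == "__main__":
    for key, value in analyse_trace(SAMPLE_TRACE).items():
        print(f"{key}: {value}")
```

On the posted trace this reports remote version 1.99, the banner a server sends while it still accepts protocol 1, and lists hostbased as offered by the server but not attempted by the client in the lines shown.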
