Date: Sun, 11 Feb 2001 12:48:34 -0800 From: Alfred Perlstein <bright@wintelcom.net> To: Kris Kennaway <kris@obsecurity.org> Cc: William Wong <willwong@samurai.com>, freebsd-security@FreeBSD.ORG Subject: Re: Default sshd_config settings Message-ID: <20010211124834.T3274@fw.wintelcom.net> In-Reply-To: <20010211121803.A78601@mollari.cthul.hu>; from kris@obsecurity.org on Sun, Feb 11, 2001 at 12:18:04PM -0800 References: <000701c0945c$eb3eaff0$0300a8c0@magus> <20010211121803.A78601@mollari.cthul.hu>
next in thread | previous in thread | raw e-mail | index | archive | help
* Kris Kennaway <kris@obsecurity.org> [010211 12:20] wrote: > On Sun, Feb 11, 2001 at 02:00:36PM -0500, William Wong wrote: > > Hi there, > > > > I wondering why only protocol 1 is enabled by default in sshd? Is there a > > risk with using protocol 2 (or both?) > > It's not - you must have an out of date file, or are using an old > version of -stable (very old versions of OpenSSH didn't support > protocol 2). > > The risk is actually with protocol 1 -- it has protocol flaws which > have been known for quite a while, independent of the recently > discovered attacks. You should disable it unless you need it. I've heard that there's still no agent or authentication forwarding for ssh2 and dsa keys, have you heard about an ETA of these features? -- -Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org] "I have the heart of a child; I keep it in a jar on my desk." To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010211124834.T3274>