Date: Sun, 11 Feb 2001 12:49:58 -0800
From: Kris Kennaway
To: Alfred Perlstein
Cc: William Wong, freebsd-security@FreeBSD.ORG
Subject: Re: Default sshd_config settings
Message-id: <20010211124958.A79375@mollari.cthul.hu>

On Sun, Feb 11, 2001 at 12:48:34PM -0800, Alfred Perlstein wrote:
> * Kris Kennaway [010211 12:20] wrote:
> > On Sun, Feb 11, 2001 at 02:00:36PM -0500, William Wong wrote:
> > > Hi there,
> > >
> > > I'm wondering why only protocol 1 is enabled by default in sshd? Is there a
> > > risk with using protocol 2 (or both?)
> >
> > It's not - you must have an out of date file, or are using an old
> > version of -stable (very old versions of OpenSSH didn't support
> > protocol 2).
> >
> > The risk is actually with protocol 1 -- it has protocol flaws which
> > have been known for quite a while, independent of the recently
> > discovered attacks. You should disable it unless you need it.
>
> I've heard that there's still no agent or authentication forwarding
> for ssh2 and dsa keys, have you heard about an ETA of these features?

You've heard, or you've researched and found to still be true? :)

Kris
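
A way to check which protocol versions an sshd_config actually enables, as an added example that is not part of the original message. It assumes an OpenSSH version that still has the `Protocol` keyword; the function names and the sample configs are constructed for illustration.

```python
# Constructed sample sshd_config texts (not taken from the thread).
SAMPLE_BOTH = """\
# constructed sample
Port 22
#Protocol 2
protocol 2,1
Protocol 2
"""
SAMPLE_V2_ONLY = "Port 22\nProtocol 2\n"
SAMPLE_UNSET = "Port 22\n# Protocol 2\n"


def effective_protocols(config_text):
    """Return the protocol versions sshd will use, or None if Protocol is unset.

    sshd_config keywords are case-insensitive, lines starting with '#' are
    comments, and the first value obtained for a keyword wins, so a later
    'Protocol 2' does not override an earlier 'Protocol 2,1'.
    """
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "protocol":
            return {v.strip() for v in parts[1].split(",") if v.strip()}
    return None


def audit(config_text):
    """Classify a config by whether protocol 1 is reachable."""
    protos = effective_protocols(config_text)
    if protos is None:
        # No directive: the result depends on the installed sshd's default.
        return "unset: check the built-in default of the installed sshd"
    if "1" in protos:
        return "protocol 1 enabled"
    return "protocol 1 disabled"


if __name__ == "__main__":
    for name, text in [("both", SAMPLE_BOTH), ("v2 only", SAMPLE_V2_ONLY),
                       ("unset", SAMPLE_UNSET)]:
        print(f"{name}: {audit(text)}")
```

The first sample shows the case that is easy to miss by eye: a trailing `Protocol 2` looks like a fix, but the earlier `protocol 2,1` line is the one in effect.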