From owner-freebsd-stable Tue Oct 2 17:58: 5 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from va.cs.wm.edu (va.cs.wm.edu [128.239.2.31])
	by hub.freebsd.org (Postfix) with ESMTP id 2364D37B405
	for ; Tue, 2 Oct 2001 17:58:02 -0700 (PDT)
Received: from dali.cs.wm.edu (dali [128.239.26.26])
	by va.cs.wm.edu (8.11.4/8.9.1) with ESMTP id f930vBV28159
	for ; Tue, 2 Oct 2001 20:57:11 -0400 (EDT)
Received: (from zvezdan@localhost)
	by dali.cs.wm.edu (8.11.6/8.9.1) id f930w0P25177
	for stable@FreeBSD.ORG; Tue, 2 Oct 2001 20:58:00 -0400
Date: Tue, 2 Oct 2001 20:58:00 -0400
From: Zvezdan Petkovic
To: stable@FreeBSD.ORG
Subject: Re: SSH Problem
Message-ID: <20011002205800.A24931@dali.cs.wm.edu>
Mail-Followup-To: stable@FreeBSD.ORG
References: <7140000.1002030825@rushlight.kf8nh.apk.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <7140000.1002030825@rushlight.kf8nh.apk.net>;
	from allbery@ece.cmu.edu on Tue, Oct 02, 2001 at 09:53:46AM -0400
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

On Tue, Oct 02, 2001 at 09:53:46AM -0400, Brandon S. Allbery KF8NH wrote:
> On Tuesday, October 02, 2001 03:22:57 -0700, rsowders@usgs.gov wrote:
> +----
> | While that may be the problem, it is supposed to try one and then the
> | other. All my machines use either key with no problems. Cvsuped 8 days
> +--->8
>
> It's supposed to, but my experience is that this doesn't always do what you
> expect. I think if it can make an ssh2 connection but you have no
> authorized_keys2 (only authorized_keys) then it will prompt for a password.
>

Be careful about this though.

The latest security advisory from OpenBSD advertises the new OpenSSH
2.9.9 with some fixes and states clearly that authorized_keys2 and
known_hosts2 (/etc/ssh/ssh_known_hosts2) are considered _deprecated_.
OpenSSH will still use them as read-only files for compatibility, but
the advisory says that nobody guarantees that future versions will use
these files at all.

I do not understand why FreeBSD still distributes OpenSSH 2.3.x as the
default and OpenSSH 2.9 as a port. As you can see, it is already at
version 2.9.9.

If you still use Protocol 1 you should be aware that your system is
_very_ vulnerable, since there is software that can sniff on that
version of the SSH protocol. _RUN_ and update to Protocol 2 and
preferably the latest OpenSSH version. :-)

Best regards,
-- 
Zvezdan Petkovic
http://www.cs.wm.edu/~zvezdan/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
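
An added example, not part of the original message: a shell audit for the two conditions it raises, a server configuration that still offers Protocol 1 and keys that exist only in the deprecated authorized_keys2 file. The function names, the temporary paths and the sample key blobs are constructed for illustration, and the config parsing assumes whitespace-separated `Protocol` lines.

```shell
#!/bin/sh
# Added example; function names and all sample data below are constructed.

# Print "v1-enabled", "v2-only" or "unset" for an sshd_config-style file.
# sshd uses the first value it finds for a keyword, so only the first
# uncommented Protocol line counts. "unset" means the built-in default of
# the installed version applies and has to be checked separately.
protocol_status() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "protocol" && !seen {
            seen = 1
            n = split($2, v, ",")
            for (i = 1; i <= n; i++) if (v[i] == "1") v1 = 1
        }
        END { print (!seen ? "unset" : (v1 ? "v1-enabled" : "v2-only")) }
    ' "$1"
}

# Print key lines found only in HOME/.ssh/authorized_keys2, i.e. keys that
# stop working once the deprecated file is no longer read. Keys are matched
# on their base64 blob (the field starting with "AAAA"), so a changed
# comment or option list does not hide a match.
stranded_keys() {
    [ -f "$1/.ssh/authorized_keys2" ] || return 0
    awk -v cur="$1/.ssh/authorized_keys" '
        function blob(s,   f, n, i) {
            n = split(s, f, /[ \t]+/)
            for (i = 1; i <= n; i++) if (f[i] ~ /^AAAA/) return f[i]
            return ""
        }
        BEGIN { while ((getline line < cur) > 0)
                    if (line !~ /^[ \t]*#/ && (b = blob(line)) != "") have[b] = 1 }
        /^[ \t]*(#|$)/ { next }
        { b = blob($0); if (b != "" && !(b in have)) print }
    ' "$1/.ssh/authorized_keys2"
}

# Constructed sample: one account whose DSA key exists only in authorized_keys2.
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/home/.ssh"
printf '# constructed config\nProtocol 2,1\n' > "$demo_dir/sshd_config"
printf 'ssh-rsa AAAAsharedkey user@new\n' > "$demo_dir/home/.ssh/authorized_keys"
printf 'ssh-rsa AAAAsharedkey user@old\nssh-dss AAAAonlyhere user@old\n' \
    > "$demo_dir/home/.ssh/authorized_keys2"
echo "protocol: $(protocol_status "$demo_dir/sshd_config")"
echo "stranded: $(stranded_keys "$demo_dir/home")"
rm -rf "$demo_dir"
```

Any line reported by `stranded_keys` should be merged into authorized_keys before the old file is retired.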