From owner-freebsd-stable  Tue Oct  2 17:58: 5 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from va.cs.wm.edu (va.cs.wm.edu [128.239.2.31])
	by hub.freebsd.org (Postfix) with ESMTP id 2364D37B405
	for <stable@FreeBSD.ORG>; Tue,  2 Oct 2001 17:58:02 -0700 (PDT)
Received: from dali.cs.wm.edu (dali [128.239.26.26])
	by va.cs.wm.edu (8.11.4/8.9.1) with ESMTP id f930vBV28159
	for <stable@FreeBSD.ORG>; Tue, 2 Oct 2001 20:57:11 -0400 (EDT)
Received: (from zvezdan@localhost)
	by dali.cs.wm.edu (8.11.6/8.9.1) id f930w0P25177
	for stable@FreeBSD.ORG; Tue, 2 Oct 2001 20:58:00 -0400
Date: Tue, 2 Oct 2001 20:58:00 -0400
From: Zvezdan Petkovic <zvezdan@CS.WM.EDU>
To: stable@FreeBSD.ORG
Subject: Re: SSH Problem
Message-ID: <20011002205800.A24931@dali.cs.wm.edu>
Mail-Followup-To: stable@FreeBSD.ORG
References: <OF40891511.811B6EE4-ON88256AD9.0038BC32@wr.usgs.gov> <7140000.1002030825@rushlight.kf8nh.apk.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <7140000.1002030825@rushlight.kf8nh.apk.net>; from allbery@ece.cmu.edu on Tue, Oct 02, 2001 at 09:53:46AM -0400
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG

On Tue, Oct 02, 2001 at 09:53:46AM -0400, Brandon S. Allbery KF8NH wrote:
> On Tuesday, October 02, 2001 03:22:57 -0700, rsowders@usgs.gov wrote:
> +----
> | While that may be the problem, it is supposed to try one and then the
> | other.  All my machines use either key with no problems.  Cvsuped 8 days
> +--->8
> 
> It's supposed to, but my experience is that this doesn't always do what you 
> expect.  I think if it can make an ssh2 connection but you have no 
> authorized_keys2 (only authorized_keys) then it will prompt for a password.
> 

Be careful about this though. The latest security advisory from OpenBSD
advertises the new OpenSSH 2.9.9 with some fixes and states clearly that 
authorized_keys2 and known_hosts2 (/etc/ssh/ssh_known_hosts2) are
considered _deprecated_. OpenSSH will still use them as read only files
for compatibility, but the advisory tells that nobody guarantees that
future versions will use these files at all.

I do not understand why FreeBSD still distributes OpenSSH 2.3.x as
default and OpenSSH 2.9 as a port. As you can see it is already at 2.9.9
version. If you still use Protocol 1 you should be aware that your
system is _very_ vulnerable since there is a software that can sniff on
that version of SSH protocol. _RUN_ and update to Protocol 2 and
preferably the latest OpenSSH version. :-)

Best regards,
-- 
Zvezdan Petkovic <zvezdan@cs.wm.edu>
http://www.cs.wm.edu/~zvezdan/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message