From owner-freebsd-security Sun Feb 11 13: 1:57 2001
Delivered-To: freebsd-security@freebsd.org
Received: from fw.wintelcom.net (ns1.wintelcom.net [209.1.153.20])
	by hub.freebsd.org (Postfix) with ESMTP id DD52D37B491
	for ; Sun, 11 Feb 2001 13:01:55 -0800 (PST)
Received: (from bright@localhost)
	by fw.wintelcom.net (8.10.0/8.10.0) id f1BL1nL03963;
	Sun, 11 Feb 2001 13:01:49 -0800 (PST)
Date: Sun, 11 Feb 2001 13:01:49 -0800
From: Alfred Perlstein
To: Kris Kennaway
Cc: William Wong, freebsd-security@FreeBSD.ORG
Subject: Re: Default sshd_config settings
Message-ID: <20010211130149.U3274@fw.wintelcom.net>
References: <000701c0945c$eb3eaff0$0300a8c0@magus> <20010211121803.A78601@mollari.cthul.hu> <20010211124834.T3274@fw.wintelcom.net> <20010211124958.A79375@mollari.cthul.hu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20010211124958.A79375@mollari.cthul.hu>; from kris@obsecurity.org on Sun, Feb 11, 2001 at 12:49:58PM -0800
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

* Kris Kennaway [010211 12:50] wrote:
> On Sun, Feb 11, 2001 at 12:48:34PM -0800, Alfred Perlstein wrote:
> > * Kris Kennaway [010211 12:20] wrote:
> > > On Sun, Feb 11, 2001 at 02:00:36PM -0500, William Wong wrote:
> > > > Hi there,
> > > >
> > > > I'm wondering why only protocol 1 is enabled by default in sshd? Is there a
> > > > risk with using protocol 2 (or both?)
> > >
> > > It's not - you must have an out of date file, or are using an old
> > > version of -stable (very old versions of OpenSSH didn't support
> > > protocol 2).
> > >
> > > The risk is actually with protocol 1 -- it has protocol flaws which
> > > have been known for quite a while, independent of the recently
> > > discovered attacks. You should disable it unless you need it.
> >
> > I've heard that there's still no agent or authentication forwarding
> > for ssh2 and dsa keys, have you heard about an ETA of these features?
>
> You've heard, or you've researched and found to still be true? :)

Usually hearing something from Peter Wemm qualifies as research... :)

Is this new in 2.3.0 (time to update the port then?) It seems to
all work now. :)

--
-Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org]
"I have the heart of a child; I keep it in a jar on my desk."