From owner-freebsd-stable Tue Oct 2 18:14:32 2001 Delivered-To: freebsd-stable@freebsd.org Received: from va.cs.wm.edu (va.cs.wm.edu [128.239.2.31]) by hub.freebsd.org (Postfix) with ESMTP id E69A437B406 for ; Tue, 2 Oct 2001 18:14:28 -0700 (PDT) Received: from dali.cs.wm.edu (dali [128.239.26.26]) by va.cs.wm.edu (8.11.4/8.9.1) with ESMTP id f931DcV28267 for ; Tue, 2 Oct 2001 21:13:38 -0400 (EDT) Received: (from zvezdan@localhost) by dali.cs.wm.edu (8.11.6/8.9.1) id f931ESB25206 for stable@FreeBSD.ORG; Tue, 2 Oct 2001 21:14:28 -0400 Date: Tue, 2 Oct 2001 21:14:28 -0400 From: Zvezdan Petkovic To: stable@FreeBSD.ORG Subject: Re: SSH Problem Message-ID: <20011002211428.B24931@dali.cs.wm.edu> Mail-Followup-To: stable@FreeBSD.ORG References: <20011002205800.A24931@dali.cs.wm.edu> <200110030107.f9317Sk12340@ptavv.es.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200110030107.f9317Sk12340@ptavv.es.net>; from oberman@es.net on Tue, Oct 02, 2001 at 06:07:28PM -0700 Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Tue, Oct 02, 2001 at 06:07:28PM -0700, Kevin Oberman wrote: > > Date: Tue, 2 Oct 2001 20:58:00 -0400 > > From: Zvezdan Petkovic > > Sender: owner-freebsd-stable@FreeBSD.ORG > > > > I do not understand why FreeBSD still distributes OpenSSH 2.3.x as > > default and OpenSSH 2.9 as a port. As you can see it is already at 2.9.9 > > version. If you still use Protocol 1 you should be aware that your > > system is _very_ vulnerable since there is a software that can sniff on > > that version of SSH protocol. _RUN_ and update to Protocol 2 and > > preferably the latest OpenSSH version. :-) > > It does not distribute 2.3 with either stable or current. It was > included (with security patches) in 4.4-release. > I meant release, when I said default, because for people who install for the first time from a 4.4 CD image that is the default. Of course, I immediatelly went ahead and installed that 2.9 port. When I get some time I'll update to 2.9.9 either directly from OpenBSD ftp site adjusting my ports tree, or wait a little, perhaps the maintainer will do that soon. Cheers, -- Zvezdan Petkovic http://www.cs.wm.edu/~zvezdan/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message