Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 11 Feb 2001 17:29:55 -0800
From:      Peter Wemm <peter@netplex.com.au>
To:        Alfred Perlstein <bright@wintelcom.net>
Cc:        Kris Kennaway <kris@obsecurity.org>, William Wong <willwong@samurai.com>, freebsd-security@FreeBSD.ORG
Subject:   Re: Default sshd_config settings 
Message-ID:  <200102120129.f1C1TtU43402@mobile.wemm.org>
In-Reply-To: <20010211130149.U3274@fw.wintelcom.net>
next in thread | previous in thread | raw e-mail | index | archive | help 
Alfred Perlstein wrote:
> * Kris Kennaway <kris@obsecurity.org> [010211 12:50] wrote:
> > On Sun, Feb 11, 2001 at 12:48:34PM -0800, Alfred Perlstein wrote:
> > > * Kris Kennaway <kris@obsecurity.org> [010211 12:20] wrote:
> > > > On Sun, Feb 11, 2001 at 02:00:36PM -0500, William Wong wrote:
> > > > > Hi there,
> > > > > 
> > > > > I wondering why only protocol 1 is enabled by default in sshd?  Is th
    ere a
> > > > > risk with using protocol 2 (or both?)
> > > > 
> > > > It's not - you must have an out of date file, or are using an old
> > > > version of -stable (very old versions of OpenSSH didn't support
> > > > protocol 2).
> > > > 
> > > > The risk is actually with protocol 1 -- it has protocol flaws which
> > > > have been known for quite a while, independent of the recently
> > > > discovered attacks. You should disable it unless you need it.
> > > 
> > > I've heard that there's still no agent or authentication forwarding
> > > for ssh2 and dsa keys, have you heard about an ETA of these features?
> > 
> > You've heard, or you've researched and found to still be true? :)
> 
> Usually hearing something from Peter Wemm qualifies as research... :)

Alfred: I will send you an ABA routing number and account number.  Please
transfer US$500000 to it and you'll have ssh2 forwarding and agent in less
than a week, if not already. :-)

Cheers,
-Peter
--
Peter Wemm - peter@FreeBSD.org; peter@yahoo-inc.com; peter@netplex.com.au
"All of this is for nothing if we don't go to the stars" - JMS/B5



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200102120129.f1C1TtU43402>