From owner-freebsd-security Sun Feb 11 17:40:53 2001 Delivered-To: freebsd-security@freebsd.org Received: from mobile.wemm.org (c1315225-a.plstn1.sfba.home.com [65.0.135.147]) by hub.freebsd.org (Postfix) with ESMTP id F2D8437B491 for ; Sun, 11 Feb 2001 17:40:49 -0800 (PST) Received: from netplex.com.au (localhost [127.0.0.1]) by mobile.wemm.org (8.11.1/8.11.1) with ESMTP id f1C1TtU43402; Sun, 11 Feb 2001 17:29:55 -0800 (PST) (envelope-from peter@netplex.com.au) Message-Id: <200102120129.f1C1TtU43402@mobile.wemm.org> X-Mailer: exmh version 2.2 06/23/2000 with nmh-1.0.4 To: Alfred Perlstein Cc: Kris Kennaway , William Wong , freebsd-security@FreeBSD.ORG Subject: Re: Default sshd_config settings In-Reply-To: <20010211130149.U3274@fw.wintelcom.net> Date: Sun, 11 Feb 2001 17:29:55 -0800 From: Peter Wemm Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Alfred Perlstein wrote: > * Kris Kennaway [010211 12:50] wrote: > > On Sun, Feb 11, 2001 at 12:48:34PM -0800, Alfred Perlstein wrote: > > > * Kris Kennaway [010211 12:20] wrote: > > > > On Sun, Feb 11, 2001 at 02:00:36PM -0500, William Wong wrote: > > > > > Hi there, > > > > > > > > > > I wondering why only protocol 1 is enabled by default in sshd? Is th ere a > > > > > risk with using protocol 2 (or both?) > > > > > > > > It's not - you must have an out of date file, or are using an old > > > > version of -stable (very old versions of OpenSSH didn't support > > > > protocol 2). > > > > > > > > The risk is actually with protocol 1 -- it has protocol flaws which > > > > have been known for quite a while, independent of the recently > > > > discovered attacks. You should disable it unless you need it. > > > > > > I've heard that there's still no agent or authentication forwarding > > > for ssh2 and dsa keys, have you heard about an ETA of these features? > > > > You've heard, or you've researched and found to still be true? :) > > Usually hearing something from Peter Wemm qualifies as research... :) Alfred: I will send you an ABA routing number and account number. Please transfer US$500000 to it and you'll have ssh2 forwarding and agent in less than a week, if not already. :-) Cheers, -Peter -- Peter Wemm - peter@FreeBSD.org; peter@yahoo-inc.com; peter@netplex.com.au "All of this is for nothing if we don't go to the stars" - JMS/B5 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message