Date: Thu, 31 Jan 2002 10:02:58 -0600 From: D J Hawkey Jr <hawkeyd@visi.com> To: David Rhodus <sdrhodus@sekurity.net>, security at FreeBSD <freebsd-security@freebsd.org> Subject: Re: OpenSSH protocol 1 in FBSD 4.5-REL Message-ID: <20020131100258.A750@sheol.localdomain> In-Reply-To: <08d301c1aa6e$4548d4d0$1506810a@asgidavid>; from sdrhodus@sekurity.net on Thu, Jan 31, 2002 at 10:45:12AM -0500 References: <20020131093630.A645@sheol.localdomain> <08d301c1aa6e$4548d4d0$1506810a@asgidavid>
next in thread | previous in thread | raw e-mail | index | archive | help
On Jan 31, at 10:45 AM, David Rhodus wrote:
>
> Yes, that has been fixed.
Cool. I have several boxes whose SSH doesn't (and cant!) do protocol 2.
One final Q: If those boxes uses ISC's SSH protocol 1 to connect to my
4.5-REL box, is the connection secure [against man-in-the-middle, etc.]
attacks?
I do understand that those boxes are vulnerable to incoming protocol 1
attacks, but they don't run the daemon, they only do outgoing connections.
Thanks again,
Dave
--
______________________ ______________________
\__________________ \ D. J. HAWKEY JR. / __________________/
\________________/\ hawkeyd@visi.com /\________________/
http://www.visi.com/~hawkeyd/
> ----- Original Message -----
> From: "D J Hawkey Jr" <hawkeyd@visi.com>
> To: "security at FreeBSD" <freebsd-security@freebsd.org>
> Sent: Thursday, January 31, 2002 10:36 AM
> Subject: OpenSSH protocol 1 in FBSD 4.5-REL
>
> > Hi All. Sorry if this has been covered, but I didn't see the answer in the
> > archives.
> >
> > Did the security hole(s) in OpenSSH protocol 1 get fixed for the release
> > of FreeBSD 4.5?
> >
> > TIA,
> > Dave
> >
>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020131100258.A750>