Date:      Sun, 11 Feb 2001 12:48:34 -0800
From:      Alfred Perlstein <bright@wintelcom.net>
To:        Kris Kennaway <kris@obsecurity.org>
Cc:        William Wong <willwong@samurai.com>, freebsd-security@FreeBSD.ORG
Subject:   Re: Default sshd_config settings
Message-ID:  <20010211124834.T3274@fw.wintelcom.net>
In-Reply-To: <20010211121803.A78601@mollari.cthul.hu>; from kris@obsecurity.org on Sun, Feb 11, 2001 at 12:18:04PM -0800
References:  <000701c0945c$eb3eaff0$0300a8c0@magus> <20010211121803.A78601@mollari.cthul.hu>

* Kris Kennaway <kris@obsecurity.org> [010211 12:20] wrote:
> On Sun, Feb 11, 2001 at 02:00:36PM -0500, William Wong wrote:
> > Hi there,
> > 
> > I'm wondering why only protocol 1 is enabled by default in sshd?  Is there a
> > risk with using protocol 2 (or both?)
> 
> It's not - you must have an out of date file, or are using an old
> version of -stable (very old versions of OpenSSH didn't support
> protocol 2).
> 
> The risk is actually with protocol 1 -- it has protocol flaws which
> have been known for quite a while, independent of the recently
> discovered attacks. You should disable it unless you need it.

I've heard that there's still no agent or authentication forwarding
for ssh2 and dsa keys. Have you heard about an ETA of these features?

-- 
-Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org]
"I have the heart of a child; I keep it in a jar on my desk."
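
Added example, not part of the original message and not OpenSSH's own code: a small Python check for the advice quoted above, reporting whether the Protocol directive in effect in an sshd_config still allows protocol 1. The function names and sample configurations are constructed for illustration; it assumes sshd's documented rule that the first value obtained for a keyword is the one used.

```python
import re
import sys

# Constructed sample configurations (not taken from the thread).
SAMPLE_BOTH = """\
# constructed sample
Port 22
#Protocol 2
protocol 2,1
Protocol 2
"""
SAMPLE_V2_ONLY = "Port 22\nProtocol=2\n"
SAMPLE_UNSET = "Port 22\n# Protocol 1\n"


def effective_protocols(config_text):
    """Return the versions listed on the first active Protocol line, or None."""
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comment lines are ignored
        # Keyword and argument are separated by whitespace or a single '='.
        m = re.match(r"([A-Za-z0-9]+)(?:\s*=\s*|\s+)(.*)$", line)
        if not m or m.group(1).lower() != "protocol":
            continue  # keywords are matched case-insensitively
        # The first occurrence wins, so later Protocol lines are never read.
        return [v.strip() for v in m.group(2).split(",") if v.strip()]
    return None


def audit(config_text):
    """Classify a configuration by whether protocol 1 is accepted."""
    protos = effective_protocols(config_text)
    if protos is None:
        return "unset: compiled-in default applies, check the installed version"
    if "1" in protos:
        return "protocol 1 enabled"
    return "protocol 1 disabled"


if __name__ == "__main__":
    # Usage: python check_protocol.py <path to sshd_config>
    if len(sys.argv) == 2:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            print(audit(fh.read()))
    else:
        for name in ("SAMPLE_BOTH", "SAMPLE_V2_ONLY", "SAMPLE_UNSET"):
            print(name, "->", audit(globals()[name]))
```

In SAMPLE_BOTH the later "Protocol 2" line has no effect, because the earlier "protocol 2,1" line is the one sshd uses.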

