Date: Thu, 15 Feb 2001 12:30:20 +0100 (CET)
From: Jan Conrad <conrad@th.physik.uni-bonn.de>
To: <freebsd-security@freebsd.org>
Cc: Ralph Schreyer <schreyer@th.physik.uni-bonn.de>
Subject: Why does openssh protocol default to 2?
Message-ID: <Pine.BSF.4.33.0102151204150.41000-100000@merlin.th.physik.uni-bonn.de>
Hello,

for quite a long time now I cannot understand why people encourage others to use ssh2 by default and I wanted to ask the readers of this list for their opinion.

Even though I believe people saying that ssh2 is much more secure for root accounts and servers etc. I don't see why this should be true in general. Especially on bigger, say university networks as ours, where you often find BNC segments or the switches are more or less accessible to everyone (who really wants to...) in my opinion ssh2 is much more insecure than ssh1.

My problem simply is that the id_dsa file is stored in user home dirs, which typically are mounted via NFS. So ssh2, in contrast to ssh1 with RSAAuthentication disabled, allows sniffers to access your system even without *actively* attacking your system, all you need is the id_dsa file.... Even if that file is protected by a passphrase, you don't gain much...

In conclusion, I would like to have the ssh protocol defaulted to 1 with RSAAuthentication disabled; of course, people who install servers and security specific stuff should know not to use that for their uses, but most other people simply install the default.

best regards
Jan

--
Physikalisches Institut der Universitaet Bonn
Nussallee 12
D-53115 Bonn
GERMANY
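The exposure described in the message above, an id_dsa file read from an NFS-mounted home directory, can be audited on a host by mapping each key path to the file system that serves it. The following is an added example, not part of the original e-mail; the mount table, the host name `fileserver` and the user paths are constructed samples.

```python
# Added example: flag SSH private keys whose files live on an NFS mount.
import posixpath

# Constructed sample in fstab layout (the shape `mount -p` prints on FreeBSD
# and /proc/mounts uses on Linux): device, mount point, fs type, options.
SAMPLE_MOUNTS = """\
/dev/ad0s1a / ufs rw 1 1
/dev/ad0s1f /usr ufs rw 2 2
fileserver:/export/home /home nfs rw 0 0
fileserver:/export/home/staff /home/staff nfs rw,nosuid 0 0
/dev/ad0s1e /home/local ufs rw 2 2
"""

def parse_mounts(text):
    """Return a list of (mount_point, fs_type, device) tuples."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("#"):
            continue  # skip blank lines, comments and malformed entries
        mounts.append((posixpath.normpath(fields[1]), fields[2].lower(), fields[0]))
    return mounts

def mount_for(path, mounts):
    """Pick the mount whose mount point is the longest prefix of path."""
    path = posixpath.normpath(path)
    best = None
    for mnt in mounts:
        point = mnt[0]
        # Compare whole path components so /homework does not match /home.
        inside = point == "/" or path == point or path.startswith(point + "/")
        if inside and (best is None or len(point) > len(best[0])):
            best = mnt
    return best

def keys_on_nfs(key_paths, mounts):
    """Map each key path that sits on an NFS mount to the exporting device."""
    exposed = {}
    for path in key_paths:
        mnt = mount_for(path, mounts)
        if mnt and mnt[1].startswith("nfs"):
            exposed[path] = mnt[2]
    return exposed

if __name__ == "__main__":
    keys = ["/home/alice/.ssh/id_dsa", "/home/local/bob/.ssh/id_dsa",
            "/home/staff/carol/.ssh/id_dsa", "/root/.ssh/id_dsa"]
    for path, dev in keys_on_nfs(keys, parse_mounts(SAMPLE_MOUNTS)).items():
        print(f"{path}: read over the network from {dev}")
```

On a real host, feed `parse_mounts` the output of `mount -p` or the contents of `/proc/mounts` instead of the sample table.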