authorized_keys2 directory idea
Rob Hagopian
rob at hagopian.net
Tue Jun 5 06:25:49 EST 2001
From FreeBSD-SA-01:24.ssh.asc:
"If you are running sshd, disable the use of the SSH1 protocol in
OpenSSH. SSH1 contains inherent protocol deficiencies and is not
recommended for use in high-security environments. Note that some
third-party SSH clients are not capable of using the SSH2 protocol,
however the OpenSSH client (version 2.1 and later) included in FreeBSD
is SSH2-capable."
No, it doesn't matter to me, although all of our higher security boxes
have ssh1 turned off.
It does worry me that openssh still has a significant amount of ssh.com
v1.2.xx code in it. I'm sure it's been audited a number of times, but
problems have still cropped up in it recently...
-Rob
On Mon, 4 Jun 2001, Markus Friedl wrote:
> On Mon, Jun 04, 2001 at 12:27:20PM -0400, Rob Hagopian wrote:
> > So now security decisions are made via stats user stats and not on the
> > security merits? That's in direct contradiction to your reasoning for
> > excluding this patch.
>
> what's wrong with protocol v1? does it matter to you?
>