Another round of testing calls.

Wojtek Pilorz wpilorz at bdk.pl
Fri Oct 26 19:45:57 EST 2001


On Tue, 23 Oct 2001 mouring at etoh.eviladmin.org wrote:

> Date: Tue, 23 Oct 2001 11:25:52 -0500 (CDT)
> From: mouring at etoh.eviladmin.org
> To: openssh-unix-dev at mindrot.org
> Subject: Another round of testing calls.
> 
> 
> Outside the known 'Hang-on-exit' bug and the Solaris 'PAM_TTY_KLUDGE'
> required.  *WHAT* other issues *MUST* be addressed before 3.0 which is
> approaching fast?
> 
> Those running NeXTStep I need confirmation that it works under NeXT.  My
> current Slab is packed in a storage unit due to a fire in my apartment
> complex (happened above me so I'm wrapping up dealing with that crap =).
> 
> - Ben
> 

Forgive me if this is stupid, but the following quote from WARNING.RNG
made me wonder whether DSA/DSS could be disabled from SSH:

A particularly pernicious problem arises with DSA keys (used by the
ssh2 protocol). Performing a DSA signature (which is required for
authentication), entails the use of a 160 bit random number.  If an
attacker can predict this number, then they can deduce your *private*
key and impersonate you or your hosts.

I am esp. worried about the systems without kernel supply of strong random
numbers.

So is it possible to disable all use of DSA, or does protocol v2 require it?
If it is possible, is that enough to set HostKeyAlgorithms to ssh-rsa alone
on client, and remove dsa keys on server,
or should we have a compile-time option to remove DSA code from ssh/sshd?

Best regards,

Wojtek
--------------------
Wojtek Pilorz
Wojtek.Pilorz at bdk.pl




