openssh and SSLv2 ciphers
Peter Stuge
peter at stuge.se
Sat Feb 28 09:19:14 EST 2009
Smith, Steven G (Steven) wrote:
> Additionally, maybe the SSLv2 vulnerabilities would not really
> affect an openssh connection anyway.
I believe that is correct.
SSH can use the same crypto code as SSL but even though SSH
accomplishes some of the same things as SSL, SSH works differently
"on top" of the low-level ciphers.
(Both SSL and SSH can perform user authentication with PKI, but they
do it differently. Both provide a trusted communications channel
using cryptography but again, they do it differently.)
Version 1 of the SSH protocol had it's own issues, but it has been
disabled by default in OpenSSH for a long time already.
//Peter
More information about the openssh-unix-dev
mailing list