OpenSSH 2.9p2 / SSH3 vulnerability?
Theo E. Schlossnagle
jesus at omniti.com
Thu Aug 23 12:13:31 EST 2001
mouring at etoh.eviladmin.org wrote:
>>2) There is a "SECURID" patch in the contrib section since 2.5.2p2. I am using it, but applying this
>>patch to each new version is growing more difficult as time goes on. Would you consider merging this
>>function into the core of openssh? (with a configure flag and everything)? I would certainly
>>appreciate it...
>>
>>
>
> There is? I don't see it in the -current version of the portable.
>
> I don't believe there is any plans on adding Secure ID. I no longer
> remember the reasons.. <shrug>
>
> But doing a simple grep for "SecureID" in my archives I see comments like
>
> "Integrating SecureID is additional complexity which has to be
> maintained,"
>
> .. So I think it's a safe bet it will not. =)
Your grep failed because it is spelled SecurID (no second 'e'). Thank RSA for
the jewel. That patch is actively maintained (by me).
It was not incorporated into the main distribution because it is commercial
product that requires proprietary client libraries available only in binary form.
--
Theo Schlossnagle
1024D/82844984/95FD 30F1 489E 4613 F22E 491A 7E88 364C 8284 4984
2047R/33131B65/71 F7 95 64 49 76 5D BA 3D 90 B9 9F BE 27 24 E7
More information about the openssh-unix-dev
mailing list