RE: [cobalt-users] openssh versions
- Subject: RE: [cobalt-users] openssh versions
- From: Brandon Wheaton <brandonw@xxxxxxxxxxxx>
- Date: Thu Feb 22 22:51:02 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
> -----Original Message-----
> From: Mike Fritsch [mailto:mfritsch@xxxxxxxxxxxx]
>
> With all the talk about ssh I have become very confused on
> which version is the safest to have. I tried to install
> 2.5.1 today but it needed OpenSSL and rpm and to be upgraded
> and we do not want to go upgrading that. So can someone tell
> us which versions are safe? Also wouldn't it be safe to disable
> SSH1 protocol from the openssh 2.1.1p pkg?
>
Hi Mike.

You shouldn't be worried about upgrading OpenSSL and RPM. I have
done both on my RaQ and everything worked just fine. You could
compile from source, which will benefit you in the long term, as
you would learn something important and beneficial, but the RPM
route will be faster and easier for you in the short term. It is
for you to decide, young Grasshoppa. ;^)

OpenSSH 2.5.1p1 is the latest version and it is not necessary to
disable SSH1 compatibility as the included deattack.c patch fixes
the SSH1 code. This was incorporated into the 2.3.0p1 release as
well, so anyone using 2.3.0p1 or higher is perfectly safe running
with both v1 and v2 protocols active. It might be a good idea for
users of < 2.3.0p1 versions to run with V1 protocol disabled, but
as said before, this is not an "exploit", but a mere logging flaw.

So long as you have strong passwords and disable remote root logins,
you're about as safe as anyone else whether you are running SSH
1.2.27 or OpenSSH 2.5.1p1.

Take care.
Brandon Wheaton
UNIX Systems Engineer
ValiCert, Inc.
1215 Terra Bella Ave.
Mountain View, CA 94043
650.280.UNIX
----
Sure UNIX is user friendly; it's just picky about who its friends are.
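
One way to check an sshd_config for the two settings discussed in this message, the SSH1 protocol and remote root logins. This is an added example, not part of the original message; the helper name `audit_sshd_config`, the constructed sample config and the whitespace-separated "Keyword value" layout are assumptions.

```sh
#!/bin/sh
# Added example, not from the original message. Audits an sshd_config for the
# two settings the reply recommends: SSH protocol 1 off, remote root login off.
# Assumption: directives are written "Keyword value", whitespace-separated.

# audit_sshd_config FILE (hypothetical helper name)
# Prints one finding per line. Exit status: 0 = no findings, 1 = findings.
audit_sshd_config() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }   # skip blank lines and comments
        {
            key = tolower($1)            # keywords are case-insensitive
            # sshd keeps the first value it reads for a keyword
            if (key == "protocol" && !have_p) { have_p = 1; proto = $2 }
            if (key == "permitrootlogin" && !have_r) { have_r = 1; root = tolower($2) }
        }
        END {
            n = 0
            if (!have_p) {
                print "Protocol: not set, the release default applies"; n++
            } else {
                cnt = split(proto, v, ",")
                for (i = 1; i <= cnt; i++)
                    if (v[i] == "1") { print "Protocol: SSH1 enabled (" proto ")"; n++; break }
            }
            if (!have_r) {
                print "PermitRootLogin: not set, the release default applies"; n++
            } else if (root != "no") {
                print "PermitRootLogin: " root " (expected no)"; n++
            }
            exit (n > 0)
        }
    ' "$1"
}

# Constructed sample config, for illustration only.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
Protocol 2,1
PermitRootLogin yes
EOF
audit_sshd_config "$sample" || echo "review the settings listed above"
rm -f "$sample"
```

A missing directive is reported rather than assumed safe, because the built-in default differs between releases.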