[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] openssh versions

Subject: Re: [cobalt-users] openssh versions
From: "Mike Fritsch" <mfritsch@xxxxxxxxxxxx>
Date: Sun Feb 25 22:17:00 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

Thanks a lot for your help.

Mike
----- Original Message ----- 
From: "Brandon Wheaton" <brandonw@xxxxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Sent: Tuesday, February 20, 2001 8:09 PM
Subject: RE: [cobalt-users] openssh versions


> > -----Original Message-----
> > From: Mike Fritsch [mailto:mfritsch@xxxxxxxxxxxx]
> > 
> > With all the talk about ssh I have become very confused on 
> > which version is the safest to have. I tried to install 
> > 2.5.1 today but it needed OpenSSL and rpm and to be upgraded 
> > and we do not want to go upgrading that. So can someone tell 
> > us which versions are safe? Also wouldn't it be safe to disable
> > SSH1 protocol from the openssh 2.1.1p pkg?
> > 
> 
> Hi mike.
> 
> You shouldn't be worried about upgrading OpenSSL and RPM.  I have 
> done both on my RaQ and everything worked just fine.  You could 
> compile from source, which will benefit you in the long term, as 
> you would learn something important and beneficial, but the RPM 
> route will be faster and easier for you in the short term.  It is 
> for you to decide, young Grasshoppa. ;^)
> 
> OpenSSH 2.5.1p1 is the latest version and it is not necessary to 
> disable SSH1 compatibility as the included deattack.c patch fixes
> the SSH1 code.  This was incorporated into the 2.3.0p1 release as 
> well, so anyone using 2.3.0p1 or higher is perfectly safe running 
> with both v1 and v2 protocols active.  it might be a good idea for 
> users of < 2.3.0p1 versions to run with V1 protocol disabled, but 
> as said before, this is not an "exploit", but a mere logging flaw. 
> So long as you have strong passwords and disable remote root logins,
> you're about as safe as anyone else whether you are running SSH 
> 1.2.27 or OpenSSH 2.5.1p1.
> 
> 
> Take care.
> 
> Brandon Wheaton
> UNIX Systems Engineer 
> ValiCert, Inc.
> 1215 Terra Bella Ave. 
> Mountain View, CA 94043 
> 650.280.UNIX 
> 
> ----
> Sure UNIX is user friendly; it's just picky about who its friends are.
> 
> _______________________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> To Subscribe or Unsubscribe, please go to:
> http://list.cobalt.com/mailman/listinfo/cobalt-users

References:
- RE: [cobalt-users] openssh versions
  - From: Brandon Wheaton

Prev by Date: RE: [cobalt-users] Changing httpd.conf on RAQ2
Next by Date: Re: Re:[cobalt-users] IMPORTANT - POSSIBLE HACKS WITH PATCHES!!
Previous by thread: RE: [cobalt-users] openssh versions
Next by thread: [cobalt-users] CD restore does not work

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index