[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] crc32 compensation attack + SSH

Subject: Re: [cobalt-users] crc32 compensation attack + SSH
From: Tim Dunn <tdunn@xxxxxxxxxxxxxxxxxxx>
Date: Wed Jul 24 09:33:59 2002
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

> I now can't get through with SSH
> 
> Unsupported protocol version: SSH-1.5-OpenSSH_3.1p1

Short form:

Change your SSH client to one that supports SSH 2.0, such as PuTTY
winOS (Google "putty ssh client" for it - it's a single-file .exe
that does telnet and SSH 2.0)

Long Form:

Which SSH daemon did you install, and how did you configure it?

If you installed the sshd rpm from ssh.com, that only talks SSH 2.0
protocol.  If you installed the OpenSSH sshd, I believe the default
configuration is to have SSH 1.5 protocol turned off because of an
in-stream hack.  I'm not a security expert, so that's all I can
state with any confidence.

If You Want to Re-Enable 1.5:

If you've installed ssh.com's server, you're stuck.  You can install
another sshd for 1.5 inbound connections, and configure the 2.0 to
fork that 1.5 sshd as needed, but that's a lot of work, and very
non-intuitive.

If you're running OpenSSH's server, just look for the line that
reads "Protocol 2" and comment it out, or change it to read
"Protocol 2,1"

tim

-- 
Sysadmin Rule #14: If it's not on fire, it's a software issue.

Follow-Ups:
- Re: [cobalt-users] crc32 compensation attack + SSH
  - From: Revd leonard payne

References:
- Re: [cobalt-users] crc32 compensation attack + SSH
  - From: Revd leonard payne

Prev by Date: RE: [cobalt-users] how do you get a new member to upload without dns resolved?
Next by Date: RE: [cobalt-users] openwebmail...getting rid of www
Previous by thread: Re: [cobalt-users] crc32 compensation attack + SSH
Next by thread: Re: [cobalt-users] crc32 compensation attack + SSH

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index