kevin at rainford.org.uk
Fri Feb 22 12:34:57 GMT 2002
OK read the thread and the general feeling is
1 Why use SSH1 when 2 is available
2 Don't enable SSH1 fallback in SSH2
3 People make money from selling products and services ( Sorry but that sort of thing
pays my bills )
4 It's OK to log into a server running SSH1 ( of course it is. the sysadmin has the
problems not the clients)
That's what I got from the thread but I could have miss some thing
-- Kevin O'Connor
Ziptek Technologies Ltd.
On 22 Feb 2002 at 11:31, Sam Smith wrote:
> On Fri, 22 Feb 2002, Kevin O'Connor wrote:
> > > On Fri, 22 Feb 2002, Kevin O'Connor wrote:
> > > > Why would any one still be running SSH1. Implementations of SSH2 that
> > > > fallback on SSH1 for clients that cannot connect using SSH2 should be
> > > > removed from servers to prevent a known security hole.
> > > > http://www.cert.org/advisories/CA-2001-35.html
> > >
> > > Wouldn't it just be easier to upgrade the server to a non-vulnerable
> > > version?
> > There is no such thing as a non-vulnerable version of SSH1 If there
> > was the problem with fallback in SSH2 would not exist.
> You may want to read the whole of the following thread in the ssh
> list archives: http://marc.theaimsgroup.com/?t=101259053300001&r=1&w=2
More information about the Ukfreebsd