Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 3 subscribers
  • Views 859 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

ssh Protocoll 1 supported

mortred
As I just found out the ASL as of Dec 2001, which I'm just installing still supports ssh Protocol 1 (There's a missing entry "Protocol 2" in /etc/sshd_config which obviously defaults to "Protocoll 1,2"). Recomendation as I read is to turn of the protocol 1 support for security reasons. So, why isn't that in the ASL?

regards
mortred

[ 14 January 2002: Message edited by: mortred ]



This thread was automatically locked due to age.
  • 0
    Hello,

    Seems to be right ...
    /sbin/sshd -t
    /usr/local/etc/sshd_config line 15: Deprecated option CheckMail
    Disabling protocol version 2. Could not load host key

    Tried to connect via ssh v1 is ok !

    Would be safer to close the ssh v1 regarding the known exploits on the protocol...(adding protocol 2 in /etc/sshd_config)

    I thin it must be by default in astaro version installation ... What do you think of that admins ?

    Thanks.
  • 0 in reply to Frediz
    Just a debug on 2.019:

    asl:/etc # ssh -1 -v -v 127.0.0.1
    OpenSSH_ASL_3.0.2p1, SSH protocols 1.5/2.0, OpenSSL 0x0090600f
    debug1: Reading configuration data /usr/local/etc/ssh_config
    debug1: Seeding random number generator
    debug1: Rhosts Authentication disabled, originating port will not be trusted.
    debug1: restore_uid
    debug1: ssh_connect: getuid 0 geteuid 0 anon 1
    debug1: Connecting to 127.0.0.1 [127.0.0.1] port 22.
    debug1: temporarily_use_uid: 0/0 (e=0)
    debug1: restore_uid
    debug1: temporarily_use_uid: 0/0 (e=0)
    debug1: restore_uid
    debug1: Connection established.
    debug1: identity file /root/.ssh/identity type -1
    debug1: Remote protocol version 1.99, remote software version OpenSSH_ASL_3.0.2p1
    debug1: match: OpenSSH_ASL_3.0.2p1 pat ^OpenSSH
    debug1: Local version string SSH-1.5-OpenSSH_ASL_3.0.2p1
    debug1: Waiting for server public key.
    debug1: Received server public key (768 bits) and host key (1024 bits).
    debug1: Host '127.0.0.1' is known and matches the RSA1 host key.
    debug1: Found key in /root/.ssh/known_hosts:5
    debug1: Encryption type: 3des
    debug1: Sent encrypted session key.
    debug1: Installing crc compensation attack detector.
    debug1: Received encrypted confirmation.
    debug1: Doing challenge response authentication.
    debug1: No challenge.
    debug1: Doing password authentication.
    root@127.0.0.1's password:

    Even if Patched (like for CRC32 attack), i think it would be great to avoid protocol 1 ...
Unfiltered HTML