[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Ssh2-packet still secure?

[ccing to debian-devel]

Hi Johan!

You wrote:

> I use ssh2 (2.0.13-7) on my webserver. As far as I can see this packet has
> not been updated since Sat, 15 Dec 2001 12:43:25 +0000. My question is if
> this packet is still considered secure and reliable to use after all
> OpenSSH-bugs, since it's not updated for almost 2 years, or is that because
> it's considered outdated?

AFAIK, the ssh2 package was removed ages ago because of it having
security bugs and it being obsoleted by openssh.  As far as I can see,
it's not even present in woody any more.  Are you still running potato
or is perhaps the upgrade path broken?  

Anyway, you should really upgrade to openssh ("ssh" package in Debian);
I guess your current package is very much not patched to security

Kind regards,
| Bas Zoetekouw              | GPG key: 0644fab7                     |
|----------------------------| Fingerprint: c1f5 f24c d514 3fec 8bf6 |
| bas@o2w.nl, bas@debian.org |              a2b1 2bae e41f 0644 fab7 |

Attachment: pgp8VcxALOOKG.pgp
Description: PGP signature

Reply to: