SSH, Telnet and FTP
Hello,
The latest SSH server available in Debian SID no longer allows
connections from older SSH clients from just a few years ago.
Well, that's a good thing, some security experts might say, since those
older versions of SSH have been found to have vulnerabilites and should
no longer be used. Which would be a great argument if it were always
possible to run the latest operating system on all platforms. The
problem is that some of those SSH clients live in operating systems that
can't be upgraded, such as Mac OS 10.6.8 (Snow Leopard) or Mac OS
10.13.6 (High Sierra) on some hardware. Sometimes, older SSH clients can
be made to work by adjusting ssh_config on the client or sshd_config on
the server (to change the allowed cyphers, for example), but sometimes,
and more recently, even that doesn't work. And often scp just doesn't
work at all, even when ssh does.
I would suggest that even a ten-year-old version of ssh is more secure
than telnet or ftp. But I'm using telnet and ftp routinely now on new
installations whenever I can't get ssh to work. It would be nice if
there were a "--legacy" or similar option for sshd to allow connections
from older clients.
This isn't much of an issue for m68k, since most of those systems are
too slow to support ssh very well, anyway, but powerpc/powerpc64 systems
support ssh just fine.
I should probably send this request to the SSH upstream developers, but
it's likely that none of them would be interested in bringing back older
features that are deemed to be less secure, unless a major distribution
(such as Debian) supports the effort. I could also install my own copy
of an older version of SSH, but sooner or later older versions will no
longer compile on modern GNU/Linux distributions. Or I could just keep
using telnet and ftp over already-secure internal networks.
-Stan Johnson
Reply to: