On Fri, Mar 02, 2001 at 08:39:09AM +0100, Runar Bell wrote: > Hi, > > and thanks to everybody for all the useful information I have received. :) > One good thing about using SSH2.4 in stead of OpenSSH is that if someone > installed an RSA key in my .ssh/authorized_keys file, it would be of no > use :) Besides, I have heard that the SSH1.1 protocol is unsecure, and > that it is recommended to upgrade to SSH2. then turn off protocol 1 in OpenSSH. this is just FUD. > One reason why I did not install any security-updates to SSH1.1 is that on > the web page of www.debian.org they say that there is a remote exploit in > OpenSSH (DSA-027) but it is fixed in Debian 2.2 (potato) and that is the > one I installed. I did not think that I had to install all > security-updates as well, figured they would be in the install. Perhaps > that is something which should be clearly stated on the debian pages? always install security updates, thats HOW debian fixes security problems. -- Ethan Benson http://www.alaska.net/~erbenson/
Attachment:
pgp1RERnzz0aq.pgp
Description: PGP signature