Proposal: OpenSSH 2.3.0/2.5.1 to proposed updates

To: debian-security@lists.debian.org
Subject: Proposal: OpenSSH 2.3.0/2.5.1 to proposed updates
From: Steve <tarka@zip.com.au>
Date: Fri, 2 Mar 2001 19:13:22 +1100
Message-id: <[🔎] 15007.22050.363060.296614@colderidge.tarka.org>

Hi,

Would it be possible for the latest version of OpenSSH (2.5.1 in
unstable) to be back-ported to potato and added to proposed updates
once it enters testing.

I propose this due to the recent set of ssh vulnerabilities most (all?)
of which didn't apply to 2.3.0, and the concerns over the fundamental
failings in the ssh1 protocol.  Now that the OpenSSH V2 code has been
around for a while and RSA is in the public domain, it might be good
to begin a transition to ssh2 before a woody release (which will be a
few months of at best).

I realise that newer is not necessarily better, but the 2.3.0 code has
been around for a while (~6 months?), and can probably be trusted if
2.5.1 is consider too new.

Disclaimer: I am not a developer.  However, I am happy to help
implement/test this if hands are needed.

Cheers,
Steve

Reply to:

Follow-Ups:
- Re: Proposal: OpenSSH 2.3.0/2.5.1 to proposed updates
  - From: Jacob Meuser <jakemsr@clipper.net>

Prev by Date: Re: SSH with potato, not very secure?
Next by Date: just say 'no' to root passwords
Previous by thread: just say 'no' to root passwords
Next by thread: Re: Proposal: OpenSSH 2.3.0/2.5.1 to proposed updates
Index(es):
- Date
- Thread