
Re: Don't panic (ssh)




On 14 January 2002 at 11:48:34 crispin@iinet.net.au wrote:

>> Have I missed something and was I already OK, or is the current stable
>> potato release shipping with a potential ssh security hole?  

> AFAIK, all SSH1 connections are vulnerable to the CRC32 attack. Thus you need
> to use SSH2 protocol. OpenSSH supports SSH2. You need different keys though,
> as SSH2 so far does not support RSA keypairs and needs DSA keys.  

That's the impression I was under, too. In which case the current stable
release of Debian comes with an sshd which uses protocol 1 and is
therefore open to allowing remote root compromises.

Is there any way to find out what flavour of Debian I have which is more
detailed than this:

iain@starfish:~$ cat /etc/debian_version
2.2

Cheers
--
Iain | PGP mail preferred: pubkey @ www.deepsea.f9.co.uk/misc/iain.asc
                 Versace & Prada mean nothing to me,
           You buy your friends but I'll hate you for free
   Rescue Kyoto, boycott Esso/Exxon/Mobil: http://www.stopesso.com

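Added example (not part of the original message): a shell sketch for checking whether an sshd still offers protocol 1, from the server's identification banner and from the `Protocol` keyword in an OpenSSH sshd_config of that era. The banner strings and config fragment are constructed samples, and the function names are hypothetical; this shows only whether protocol 1 is offered, not whether a particular build is patched.

```shell
#!/bin/sh
# Map an SSH identification string to the protocols the server offers.
# "1.99" is the value a server sends when it speaks both protocol 1 and 2.
classify_banner() {
    case "$1" in
        SSH-1.99-*) echo "ssh1+ssh2" ;;
        SSH-2.0-*)  echo "ssh2-only" ;;
        SSH-1.*-*)  echo "ssh1-only" ;;
        *)          echo "unknown" ;;
    esac
}

# Print the value of the first active "Protocol" keyword in an sshd_config
# (sshd uses the first value it reads for a keyword), or "unset" if the
# file has none and the build's default applies.
# Assumes keyword and value are separated by whitespace.
configured_protocol() {
    awk 'tolower($1) == "protocol" { print $2; found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# Exit status 0 if protocol 1 is offered according to banner or config.
# $1 = banner string, $2 = path to sshd_config
offers_ssh1() {
    case "$(classify_banner "$1")" in ssh1*) return 0 ;; esac
    case ",$(configured_protocol "$2")," in *,1,*) return 0 ;; esac
    return 1
}

# Constructed sample config: the commented-out line must be ignored.
sample=$(mktemp) && trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# constructed sshd_config fragment
Port 22
#Protocol 2
Protocol 2,1
EOF

banner='SSH-1.99-OpenSSH_example'   # constructed banner
echo "banner: $(classify_banner "$banner")"
echo "config: Protocol $(configured_protocol "$sample")"
if offers_ssh1 "$banner" "$sample"; then
    echo "protocol 1 is still offered; restrict sshd to protocol 2"
fi
```
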


