[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Don't panic (ssh)

On 14/01/02, crispin@iinet.net.au wrote:

> AFAIK, all SSH1 connections are vulnerable to the CRC32 attack. Thus
> you need to use SSH2 protocol. OpenSSH supports SSH2. You need
> different keys though, as SSH2 so far does not support RSA keypairs
> and needs DSA keys.

OpenSSH supports both, RSA and DSA keys for SSH protocol version 2.
Please read the manpage for ssh and look for the paragraph called "SSH
protocol version 2" where this is explained. But you are right about the
CRC32 attack. The crc32 compensation attack is a vulnerability in the
SSH protocol version 1. An analysis of this exploit can be found at:


And here's an excerpt from a mail (MID:
about the rules, which clients or servers are vulnerable. The comments
are from Markus Friedl, one of the openssh authors:

| the rules are simpler:
| 1) protocol 2 only
| all
|         SSH-2.0-*
| are not affected, since no protocol v1 is iisnvolved.
| 2) protocol 1 und 2 support
| since
|         SSH-1.99-*
| supports both protocol versions, it gets more difficult.
| for the commercial server, you never know the version
| of the server that will be called for the fallback,
| you have to assume that all
|         SSH-1.99-[23]*
| are affected, and
|         SSH-1.99-OpenSSH[-_].x.y
| are affected for versions x.y < 2.3
| 3) protocol 1 only
|         SSH-1.5-OpenSSH[-_].x.y
| is affected versions x.y < 2.3
| and the commercial versions.
|         SSH-1.5-1.2.2[456789]
|         SSH-1.5-1.2.3[01]
| so:

           Debian Developer (http://www.debian.org)
1024/26CC7853 31E6 A8CA 68FC 284F 7D16  63EC A9E6 67FF 26CC 7853

Attachment: pgpbahu4wkJAW.pgp
Description: PGP signature

Reply to: