Here's the link to the Phrack article.
http://www.phrack.org/show.php?p=59&a=11
It's a really good read, and what they are
suggesting would affect the entire implementation
of SSH, not just OpenSSH or SSH.com.
It can't be fixed from the config file, as
they are not talking about the protocols 1
or 2.
-Anne
This one time, Dale Amon wrote:
> On Wed, Jul 31, 2002 at 01:58:59PM +0200, Robert van der Meulen wrote:
> >
> > Quoting Jay Kline (list@slushpupie.com):
> > > I maay be wrong, but dont the SSH clients need that banner to be able to
> > > identify what version to use?
> >
> > Yes; the major/minor combination tells the client which protocol versions
> > can be used. The latest phrack has some interesting information about that
> > as well :)
>
> But you can use the sshd_config and ssh_config to allow only the version
> you want.
>
>
>
>
> --
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
--
.-"".__."``". Anne Carasik, System Administrator
.-.--. _...' (/) (/) ``' gator at cacr dot caltech dot edu
(O/ O) \-' ` -="""=. ', Center for Advanced Computing Research
~`~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Attachment:
pgp9oUxEElBJc.pgp
Description: PGP signature