Subject: Re: Proposal: Disable SSHd Protocol v1 by Default (WAS: Re: ssh
To: Thor Lancelot Simon <tls@rek.tjls.com>
From: Brian A. Seklecki <lavalamp@spiritual-machines.org>
List: netbsd-users
Date: 03/14/2002 14:38:03

On Thu, 14 Mar 2002, Thor Lancelot Simon wrote:

First off, thanks for the feedback.

>
> There have been *dozens* of security holes *in the original Ylonen SSH
> implementation*, which needless to say have shown up in its progeny, the
> F-Secure, OpenSSH, and SSH.COM implementations, but they haven't been
> protocol related; generally they have been simple examples of bad
> programming practice.

So, from a pessimism standpoint, you're saying it's not worth the change,
simply because the code is so poor?  "Don't bother, then...there are
bigger issues at hand"?

You seem to describe OpenSSH as a ticking time-bomb.

>
> There are good reasons to use the version 2 SSH protocol, but your
> reasoning about what they are relies upon a false premise.  Try again.
>

Everything credible I've read indicates that the most secure
implementation involves exclusive use of protocol 2, DSA keys (empty
passphrase or not), disabling superfluous features like 'PermitRootLogin',
'PermitEmptyPasswords', X11 forwarding, and of course, ACLs, either via
libwrap or ipf limiting which hosts can connect.
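
An added example, not part of the original message or of any project's code: a small Python check that reads an sshd_config and reports where the directives named above differ from the values the message argues for. The sample config is constructed, the function names are hypothetical, and the check assumes global directives only, relying on sshd using the first value it reads for each keyword.

```python
# Added example: audit sshd_config text for the directives named in the message.

WANTED = {  # keyword (lower-cased) -> value the message argues for
    "protocol": "2",
    "permitrootlogin": "no",
    "permitemptypasswords": "no",
    "x11forwarding": "no",
}

# Constructed sample, not taken from any real host.
SAMPLE_CONFIG = """\
# sshd_config (constructed)
Port 22
Protocol 2,1
PermitRootLogin yes
permitemptypasswords no
#X11Forwarding no
Protocol 2
"""


def effective_settings(text):
    """Return {keyword: value}, keeping the first value seen per keyword."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue  # keyword without an argument
        # Keywords are case-insensitive; arguments are kept as written.
        seen.setdefault(parts[0].lower(), parts[1].strip())
    return seen


def audit(text):
    """Return sorted (keyword, found, wanted) tuples for every mismatch."""
    seen = effective_settings(text)
    findings = []
    for key, wanted in WANTED.items():
        found = seen.get(key)  # None: unset, so the daemon's default applies
        if found != wanted:
            findings.append((key, found, wanted))
    return sorted(findings)


if __name__ == "__main__":
    for key, found, wanted in audit(SAMPLE_CONFIG):
        print(f"{key}: found {found!r}, wanted {wanted!r}")
```

The later `Protocol 2` line in the sample does not help, because the earlier `Protocol 2,1` is the value that takes effect; a commented-out directive is reported as unset rather than assumed safe.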