tech-security: Re: Proposal: Disable SSHd Protocol v1 by Default (WAS: Re: ssh config path change (/etc -> /etc/ssh

Subject: Re: Proposal: Disable SSHd Protocol v1 by Default (WAS: Re: ssh config path change (/etc -> /etc/ssh
To: Curt Sampson <cjs@cynic.net>
From: Niels Provos <provos@citi.umich.edu>
List: tech-security
Date: 03/15/2002 08:13:29

Hi Curt,

We met at the last USENIX technical conference, Perry introduced us.

>(As a side note, it looks like openssh might finally get (some)
> privilege separation:
> http://www.citi.umich.edu/u/provos/ssh/privsep.html)
The goal is full privilege separation.

If you have any suggestions for improvements on the current model,
please let me know.  We are currently polishing the code, and expect
to be finished very soon.  The monitor is a very small FSM making it
easy to determine which code is being executed with privileges.

In case that you should know of any other problems with OpenSSH,
please submit bug reports via the procedure outlined in

  http://www.openssh.com/report.html

Just from looking through your mailing list archive, there seems to be
some dissatisfaction about OpenSSH in your community.  However, unless
bug reports are submitted, we will not know about the specifics.

Looking forward to your comments.

Regards,
  Niels Provos.