tech-security archive


Re: Keys generated by "/etc/rc.d/sshd"



On Thu, 29 May 2008 07:57:40 +0300
johan.wallen+lists%helsinki.fi@localhost (Johan Wallén) wrote:

> Hello,
> 
> Matthias Scheler <tron%zhadum.org.uk@localhost> writes:
> 
> > "/etc/rc.d/sshd" still generates host keys for the SSH protocol
> > version 1. Would anybody object if I remove that part?
> 
> I think that all support for SSH protocol version 1 should be removed
> -- that protocol version has several fatal problems.  If I remember
> correctly, the expected time to extract an SSH v1 server key via the
> protocol is around one day.  There is a reason why ssh.com stopped
> supporting version 1.
> 
Are you talking about dropping server support only or client support,
too?  Unfortunately, there are servers out there (especially in
embedded devices) that only support v1.  


                --Steve Bellovin, http://www.cs.columbia.edu/~smb

