tech-security archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Keys generated by "/etc/rc.d/sshd"

On Thu, 29 May 2008 07:57:40 +0300 (Johan Wallén) wrote:

> Hello,
> Matthias Scheler <> writes:
> > "/etc/rc.d/sshd" still generates host keys for the SSH protocol
> > version 1. Would anybody object if I remove that part?
> I think that all support for SSH protocol version 1 should be removed
> -- that protocol version has several fatal problems.  If I remember
> correctly, the expected time to extract an SSH v1 server key via the
> protocol is around one day.  There is a reason why stopped
> supporting version 1.
Are you talking about dropping server support only or client support,
too?  Unfortunately, there are servers out there (especially in
embedded devices) that only support v1.  

                --Steve Bellovin,

Home | Main Index | Thread Index | Old Index