Bugtraq mailing list archives

Re: SSH 1 Why?


From: core.lists.bugtraq () CORE-SDI COM (Iván Arce)
Date: Thu, 16 Dec 1999 15:28:48 -0300


Emiel Kollof wrote:

> Emiliano Kargieman wrote:
>
> > What you are missing is the following: upgrading to SSH 2 implies upgrading to
> > version 2 of the protocol, in order to prevent the abovementioned problem you
> > can no longer support compatibility with version 1.x of the protocol. So you
> > have to update all your SSH servers and clients.
>
> Not true. If you have ssh1 installed, and you compile ssh2, ssh2
> maintains version1 protocol compatibility, which means you can still
> connect to a ssh2 sshd with a ssh1 client.


Yes, but that's exactly what you DON'T want.
Protocol version 1 (note that I said protocol, not ssh) has the problem
that Emiliano was referring to, besides being much more modular and clean.

If you are really concerned about security you don't want backwards
compatibility with a flawed protocol. Therefore, your SSH2 servers shouldn't
allow v1 connections, therefore you should upgrade the clients as well.

This reminds me of the issues related to MS NT and MS win95 authentication...

-ivan


--
"Understanding. A cerebral secretion that enables one having it to know
 a house from a horse by the roof on the house,
 Its nature and laws have been exhaustively expounded by Locke,
 who rode a house, and Kant, who lived in a horse." - Ambrose Bierce

==================[ CORE Seguridad de la Informacion S.A. ]=========
Iván Arce
Presidente
PGP Fingerprint: C7A8 ED85 8D7B 9ADC 6836  B25D 207B E78E 2AD1 F65A
email: iarce () core-sdi com
http://www.core-sdi.com
Pte. Juan D. Peron 315 Piso 4 UF 17
1038 Capital Federal
Buenos Aires, Argentina.              Tel/Fax : +(54-11) 4331-5402
Casilla de Correos 877 (1000) Correo Central
=====================================================================

--- For a personal reply use iarce () core-sdi com
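
Added example, not part of the original message: a small audit helper that classifies SSH server identification strings to find hosts that would still accept a protocol version 1 connection, which is the compatibility mode discussed above. It assumes the SSH-2 transport specification's convention that a server supporting both protocol versions announces version "1.99"; the hostnames and software strings are constructed.

```python
import re

# SSH identification string: "SSH-protoversion-softwareversion[ comments]"
_IDENT = re.compile(r"^SSH-(\d+)\.(\d+)-(\S+)")


def classify_banner(banner):
    """Return 'v1-only', 'v1-fallback', 'v2-only' or 'unknown' for a server banner."""
    m = _IDENT.match(banner.strip())
    if not m:
        return "unknown"
    major, minor = int(m.group(1)), int(m.group(2))
    if major == 1 and minor == 99:
        # Server speaks 2.0 but keeps compatibility with 1.x clients.
        return "v1-fallback"
    if major == 1:
        return "v1-only"
    if major >= 2:
        return "v2-only"
    return "unknown"


def hosts_allowing_v1(banners):
    """Given {host: banner}, return the sorted hosts that still accept v1."""
    return sorted(
        host for host, banner in banners.items()
        if classify_banner(banner) in ("v1-only", "v1-fallback")
    )


# Constructed sample inventory (hostnames and software strings are made up).
SAMPLE = {
    "gw.example.test": "SSH-1.99-ExampleServer_2.0\r\n",
    "db.example.test": "SSH-2.0-ExampleServer_2.0\r\n",
    "old.example.test": "SSH-1.5-ExampleServer_1.2\r\n",
    "web.example.test": "HTTP/1.0 400 Bad Request\r\n",  # not an SSH service
}

if __name__ == "__main__":
    for host in hosts_allowing_v1(SAMPLE):
        print(host, classify_banner(SAMPLE[host]))
```

Hosts reported as `v1-fallback` are the ones running a version 2 server with version 1 compatibility left enabled.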


