Security Basics mailing list archives

Re: SSH / Witch options are secure ??


From: "Gabriel Orozco" <gabriel_orozco () mx sumida com>
Date: Fri, 15 Aug 2003 17:57:17 -0500

Simply build the latest version, enable use of sshv2 and you will be fine.

Avoid use of SSH v1 if you can. Some apps still work with it.

Regards
----- Original Message -----
From: <MatzeGuentert () gmx de>
To: <security-basics () securityfocus com>
Sent: Friday, August 15, 2003 11:41 AM
Subject: SSH / Witch options are secure ??


Hello list

I have just set up a SuSE 8.0 ISDN router and want to update sshd. Which
options do you choose via ./configure to be as secure as possible?
Is the default installation secure enough? I have downloaded the newest
release 3.6.1p2.

I have read that OpenBSD with SSHD 2.9.9 - 3.3 is vulnerable with these
options enabled.

-- SSH2 support
-- Challenge-response authentication enabled (reported by exploit, sort of)
-- SKEY and/or BSDAUTH defined at compile time (reported by exploit)

I know I am paranoid 8^) but this will be the only reachable service from
outside. Any hints on this?

Best Regards


Matthias Güntert
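
A configuration check for the two runtime settings this thread mentions (protocol version and challenge-response authentication), as an added example that is not part of either post. The values used when a keyword is absent are an assumption for OpenSSH 3.x-era sshd, and the sample configs are constructed.

```python
# Added example: audit sshd_config text for SSH v1 and challenge-response auth.
# SKEY/BSDAUTH are compile-time choices and cannot be seen in sshd_config.

# Assumption: values a 3.x-era sshd uses when the keyword is absent.
ASSUMED_DEFAULTS = {"protocol": "2,1", "challengeresponseauthentication": "yes"}

def effective_settings(config_text):
    """Return {keyword: value}. sshd keeps the FIRST value seen for a keyword."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keywords are case-insensitive; "Keyword value" and "Keyword=value" both occur.
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) == 2:
            seen.setdefault(parts[0].lower(), parts[1].strip())
    return seen

def audit(config_text):
    """Return a list of (keyword, effective_value, reason) findings."""
    cfg = effective_settings(config_text)
    findings = []
    proto = cfg.get("protocol", ASSUMED_DEFAULTS["protocol"])
    if "1" in {v.strip() for v in proto.split(",")}:
        findings.append(("protocol", proto, "SSH v1 is still accepted"))
    key = "challengeresponseauthentication"
    cr = cfg.get(key, ASSUMED_DEFAULTS[key])
    if cr.lower() != "no":
        findings.append((key, cr, "challenge-response authentication is enabled"))
    return findings

# Constructed sample inputs.
WEAK = """# constructed sample
Port 22
Protocol 2,1
ChallengeResponseAuthentication yes
"""
HARDENED = """# constructed sample
Port 22
Protocol 2
challengeresponseauthentication=no
"""

if __name__ == "__main__":
    for name, text in (("WEAK", WEAK), ("HARDENED", HARDENED), ("EMPTY", "")):
        print(name, audit(text) or "no findings")
```

An empty or minimal file is reported as well, because under the assumed defaults an absent keyword leaves both settings enabled.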


