Bugtraq mailing list archives
Re: SSH 1 Why?
From: E.Kollof () IND TNO NL (Emiel Kollof)
Date: Wed, 15 Dec 1999 13:39:13 +0100
Emiliano Kargieman wrote:
> What you are missing is the following: upgrading to SSH 2 implies upgrading to version 2 of the protocol; in order to prevent the above-mentioned problem, you can no longer support compatibility with version 1.x of the protocol. So you have to update all your SSH servers and clients.
Not true. If you have ssh1 installed, and you compile ssh2, ssh2 maintains version 1 protocol compatibility, which means you can still connect to a ssh2 sshd with a ssh1 client.
> In the real world (somewhere around here?) updating all these clients can take a long time, so even if you are upgrading to version 2 you need to keep backwards compatibility for a while... that means any problems found in SSH 1 still concern a lot of people (see the short answer for details).
This might be a valid point. But upgrading *all* clients to ssh2 is not necessary. You can still maintain ssh1 compatibility.

Cheers,
Emiel
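An added example, not part of the original post: a version 2 server that keeps protocol 1 compatibility announces protocol version 1.99 in its identification string (the convention later written down in RFC 4253, section 5.1), so collected banners show which hosts still accept SSH 1 clients. The function names, host names and banner strings below are constructed for illustration.

```python
import re

# Identification string: SSH-<protoversion>-<softwareversion>[ <comments>]
BANNER_RE = re.compile(r"^SSH-(\d+)\.(\d+)-(\S+)(?: (.*))?$")


def classify_banner(banner):
    """Return (protocols, software) for one SSH identification string.

    protocols is a frozenset of the major protocol versions the server
    offers. Raises ValueError if the line is not an SSH banner.
    """
    m = BANNER_RE.match(banner.rstrip("\r\n"))
    if m is None:
        raise ValueError("not an SSH identification string: %r" % banner)
    major, minor = int(m.group(1)), int(m.group(2))
    if (major, minor) == (1, 99):
        protocols = frozenset({1, 2})  # v2 server, v1 compatibility enabled
    elif major == 1:
        protocols = frozenset({1})     # e.g. 1.5: protocol 1 only
    elif major == 2:
        protocols = frozenset({2})     # protocol 2 only
    else:
        raise ValueError("unknown protocol version in %r" % banner)
    return protocols, m.group(3)


def audit_banners(banners):
    """Split {host: banner} into hosts still accepting SSH 1 and bad lines."""
    accepts_v1, unparsed = {}, []
    for host, banner in sorted(banners.items()):
        try:
            protocols, software = classify_banner(banner)
        except ValueError:
            unparsed.append(host)      # something other than sshd answered
            continue
        if 1 in protocols:
            accepts_v1[host] = software
    return accepts_v1, unparsed


# Constructed sample data: first line read from port 22 of each host.
SAMPLE = {
    "host-a": "SSH-1.5-1.2.27\n",
    "host-b": "SSH-1.99-2.0.13 compat\r\n",
    "host-c": "SSH-2.0-2.0.13\r\n",
    "host-d": "220 ftp ready\r\n",
}

if __name__ == "__main__":
    v1_hosts, bad = audit_banners(SAMPLE)
    print("still accept SSH 1:", v1_hosts)
    print("unparsed:", bad)
```

Hosts reported here are the ones to which problems found in SSH 1 still apply, whether they run ssh1 alone or ssh2 with the compatibility fallback.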