Bugtraq mailing list archives
Re: Bug in ssh client (open ssh 2.3.0)
From: Tatu Ylonen <ylo () SSH COM>
Date: Sat, 10 Feb 2001 14:42:23 +0200
* Tomasz Ku?niar wrote:Ssh client is suid, so it could be real problem. Must check source...SUID is only needed when using rhosts or rshost-rsa authentication. Many installations don't need it. Just set this option [taken from man ssh]:
The SSH2 architecture has been designed so that the client does not need a SUID bit at all. SSH2 has a small helper program, ssh-signer2, which does the signing operation for host based authentication. This way, the amount of code that needs to run SUID root is greatly minimized, reducing the probability of security bugs related to it. SSH2 also fixes fundamental security problems in the old SSH1 protocol. SSH1 is DEPRECATED, and people are strongly encouraged to move to using the SSH2 protocol. The latest version of SSH2 is ssh-2.4.0, available from ftp://ftp.ssh.com/pub/ssh. SSH2 is completely free for any use on Linux, FreeBSD, NetBSD, and OpenBSD, as well as for use by universities and charity organizations, and for personal hobby/recreational use by individuals. (For commercial use, please see http://www.ssh.com/.) Tatu -- SSH Communications Security http://www.ssh.com/ SSH IPSEC Toolkit http://www.ipsec.com/ SSH(R) Secure Shell(TM) http://www.ssh.com/products/ssh
Current thread:
- Re: Bug in ssh client (open ssh 2.3.0) Ben Greenbaum (Feb 10)
- <Possible follow-ups>
- Bug in ssh client (open ssh 2.3.0) Tomasz Kuźniar (Feb 10)
- Re: Bug in ssh client (open ssh 2.3.0) rafal wiosna (Feb 10)
- Re: Bug in ssh client (open ssh 2.3.0) Tatu Ylonen (Feb 10)
- Re: Bug in ssh client (open ssh 2.3.0) rafal wiosna (Feb 10)
- Re: Bug in ssh client (open ssh 2.3.0) Tatu Ylonen (Feb 12)