search for: ssh1

I see that commercial SSH version it is possible to run sshd in SSH1 using DES (i.e, accepting SSH-DES clients). I understand from Damien Miller that Cisco routers also run in only SSH1 DES mode. Is it possible in openSSH to configure sshd (compile-time/runtime) to run sshd in SSH1 or SSH2 mode and accept SSH1 or SSH2 DES clients ? [I would like to be able to run s...

...ld be > > > OpenSSH 7, and the one after that 8, then 9, then 10. No minor releases? > > > Sure, go ahead. Deprecate the point, > > > > > > Do you manage any machines running SSHv1? > > > > > > > If by "running" you mean accepting SSH1, of course not. From a security > > perspective, no one should be using SSH1. > > > > For those who, for whatever reason, need to support systems that only > > support SSH1, there are already sufficient solutions that have been > > noted multiple times on this list. &g...

Hi, OpenSSH git master now disabled SSH protocol 1 at compile time by default. If you want it back, then you'll need to pass --with-ssh1 to configure before you build. We expect to ship this configuration for openssh-6.9 in a few months. -d

...ou're right. My argument the is the next build of OpenSSH should be > OpenSSH 7, and the one after that 8, then 9, then 10. No minor releases? > Sure, go ahead. Deprecate the point, > > Do you manage any machines running SSHv1? > If by "running" you mean accepting SSH1, of course not. From a security perspective, no one should be using SSH1. For those who, for whatever reason, need to support systems that only support SSH1, there are already sufficient solutions that have been noted multiple times on this list. Those who are still using SSH1 have already demons...

Hi, the OpenSSH installation script for Cygwin still creates a SSH1 host key by default. My question is, wouldn't it make more sense to drop all auto-generation of SSH1 keys from the default installation procedure? I mean, nobody should use SSH1 anymore, right? Or should the script stick to it for some reason? Corinna -- Corinna Vinschen Cygwin Project C...

Hello, I was searching for this information virtually everywhere, but as I couldn't find it - I'm asking here. I was wondering, why setting the Compression Level was removed in SSH2, and if on, is always set to 6. In SSH1 it was possible to set the Compression Level from 1 to 9. I have made some tests with Compression Levels using scp: SSH1, compression 9 (highest available for SSH1), vs. SSH2, compression 6 (the only available for SSH2), and, no wonder, SSH1 *always* won, no matter if it was tar'red /etc (l...

On Solaris 8, I have ssh 3.1.0 and on other box Sol 7 I have 1.2.26 (min version for comtable with ssh 3), I checked also /etc/ssh2/sshd2_config file ## SSH1 compatibility # Ssh1Compatibility <set by configure by default> # Sshd1Path <set by configure by default 2) generate key for ssh3 # ssh-keygen2 -P /etc/ssh2/hostkey and add hostkey.pub in ssh1 authorized_keys file.

...ed to see such confusion on this list. As to disabling SSH v1, hurray! The protocol has been long-obsolete and it is well-known to be insecure. Sure, some will eventually be impacted by this, but maybe that is a good thing. Perhaps it will give a little more incentive for those who are still using SSH1 to move into this century. -- Iain Morgan

https://bugzilla.mindrot.org/show_bug.cgi?id=2583 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Blocks| |2647 CC| |djm

Hi, I am trying to decide if it is worth the time to test the Kerberos support in a port I am working on of Openssh 3.5p1. Does using Kerb5 with SSH1 solve the security problems inherent in protocol 1 and bring it up to par with the security level of SSH2 or are there other issues that Kerb5 authentication won't help for SSH1? Thanks, Greg Lambert --------------------------------- Do you Yahoo!? Free online calendar with sync to Outloo...

OpenSSH still has this feature, SSH-1.2.27 no longer has it. Admittedly it can be useful sometimes, even though I'd prefer this to be done using a trivial shell wrapper, which would be the UNIX way of doing things. Not being able to call OpenSSH's ssh by another name (say ``ssh1'') can get in the way when having to maintain two versions of ssh in parallel because the ``ssh -> ssh1'' symlink trick doesn't work (ssh gives a ``bad hostname: ssh1'' error message). How do others feel about at least conditionalizing this feature? I can come up wit...

https://bugzilla.mindrot.org/show_bug.cgi?id=1712 Summary: partial server keep-alive implementation for SSH1 Product: Portable OpenSSH Version: 5.3p1 Platform: Other OS/Version: Linux Status: NEW Severity: enhancement Priority: P2 Component: ssh AssignedTo: unassigned-bugs at mindrot.org ReportedBy: cjwatson a...

I think I've found a bug with sshd handling audit events for commands (like scp) over ssh1 connections. Specifically, after updating to a recent FreeBSD 6.x with audit support, I'm getting log messages like these when using scp over ssh1: Sep 12 14:13:16 <auth.info> bm55 sshd[12335]: Accepted rsa for xxx from A.B.C.D port 2981 Sep 12 14:13:16 <auth.crit> bm55 sshd[12...

https://bugzilla.mindrot.org/show_bug.cgi?id=2343 Bug ID: 2343 Summary: test_fuzz.c won't compile if ssh1 support is disabled Product: Portable OpenSSH Version: 6.7p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: Build system Assignee: unassigned-bugs at mindrot.org...

On Tue, 3 May 2016, Colin Watson wrote: > Debian takes the latter approach. Specifically, we have an > "openssh-client-ssh1" binary package that includes only scp1, ssh1, and > ssh-keygen1 binaries; we do not ship any server-side SSHv1 support. I > modelled this on Fedora's approach, which is basically the same aside > from a slightly different package name. > > A number of our users are basica...

If an ssh1 client initiates challenge-response authentication but does not submit a response to the challenge, and instead switches to some other authentication method, verify_response() will never run, and the kbdint device context will never be freed. In some cases (such as when the FreeBSD PAM authenticat...

OK, with this additional information I can now reproduce it. Based on some quick experiments it seems to be triggered when sshd is built --with-ssh1 and the config does not *load* a Protocol 1 host key. Works: Protocol=1,2 + Hostkey not specified Protocol=1,2 + Hostkeys for both protocols specified. Doesn't work: Protocol=2 + Hostkey not specified. Protocol=1,2 + Hostkeys specified only for Protocol 2. Protocol=2 + Hostkeys specified for...

https://bugzilla.mindrot.org/show_bug.cgi?id=2369 Bug ID: 2369 Summary: `ssh-keygen -A` errors on RSA1 when building with SSH1 disabled Product: Portable OpenSSH Version: 6.9p1 Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: ssh-keygen Assignee: unassigned-bugs at mindrot.org...

To allow easier targeting of users of old protocols I would find it useful for the syslog "Accepted" messages to be more uniform. 1. Include the string "ssh1" for ssh1 connections as is done for ssh2 connections. 2. Change the "publickey" message for ssh2 connections to specify which publickey, "dsa" or "rsa". This is already the case for ssh1. 3. Insure the ssh1 and ssh2 accepted messages have the same number...

This is small patch for scp. It allows to force SSH1 or SSH2. P.S.: give me Cc: - I'm not subscribed... -- --------------------------------- pozdr. Pawe? Go?aszewski --------------------------------- R.I.P. - rest in pieces ... -------------- next part -------------- --- ./scp.c.org Sat Sep 8 23:37:22 2001 +++ ./scp.c Sun Sep 9 00:07...