Re: SSH accepts protocol version 1.99

From: Markus Friedl (markus_at_openbsd.org)
Date: 08/20/03

  • Next message: Markus Friedl: "Re: SSH accepts protocol version 1.99" 
    Date: Wed, 20 Aug 2003 10:52:32 +0200
To: "Bennett R. Samowich" <brs@fsproduce.com>

    On Mon, Aug 18, 2003 at 04:45:05PM -0400, Bennett R. Samowich wrote:
    > During an audit we discovered that our SSH daemons allowed protocols
    > 1.99 and 2.0. We have the line "Protocol 2" in the config file which I
    > thought would cause sshd to only allow protocol 2.0.
    >
    > Is this true or am I missing something else?

    OpenSSH's sshd will only accept protocol version 2 if you set
            Protocol 2
    in sshd_config.

  • Next message: Markus Friedl: "Re: SSH accepts protocol version 1.99"

    Relevant Pages

    • Re: sshd
      ... # RSA and DSA keys for protocol v2 are created by /etc/init.d/sshd if they ... # if you wish to restrict the interfaces sshd listens on for a multi homed host. ... # Banner to be printed before authentication starts. ... # Note that the client may also be sending keep alive messages to the server. ...
      (comp.unix.solaris)
    • Re: ssh configuration problem
      ... Run sshd with debug option, ... mc> Protocol 2 ... mc> # To disable tunneled clear text passwords, ... mc> # Kerberos TGT Passing only works with the AFS kaserver ...
      (SSH)
    • SSHD
      ... i'm having 'strange' problem with my sshd. ... # HostKeys for protocol version 2 ... # To enable empty passwords, ... # Kerberos TGT Passing does only work with the AFS kaserver ...
      (Debian-User)
    • Re: Cannot authenticate from RedHat 7.1
      ... > JK> network and sshd is trying to do a reverse DNS lookup on the IP ... > JK> check only takes place for protocol 1 and not for protocol 2. ...
      (comp.security.ssh)
    • Re: sshd exploit
      ... permissions on the server running sshd. ... mistake in code intended to work around a protocol flaw in the SSH1 ... This vulnerability was corrected in OpenSSH 2.3.0, ... I think there's terrible confusion here about the problem; ...
      (FreeBSD-Security)