Re: Two simple openssh questions...

From: Nico Kadel-Garcia (nkadel_at_verizon.net)
Date: 08/25/03

  • Next message: Tag: "Re: Two simple openssh questions..." 
    Date: Mon, 25 Aug 2003 12:30:50 GMT

    Tag wrote:

    > Hi,
    >
    > I have got a couple simple openssh questions that I haven't been able to
    > answer myself by searching on the internet. If someone could answer any
    > one or both of them, I would be very pleased - :-)
    >
    > 1) I am using Redhat 9 - successfully logging in on another machine with
    > ssh but it takes about 20 seconds before I get a command prompt on the
    > remote machine. Is this delay normal behaviour or is there something
    > that I need to look at in my ssh configuration?

    It's common if you don't have reverse DNS setup on your client in this
    case: there's a lookup of the IP address the connection comes from, and
    that takes time to time-out if the IP address is not registered. You can
    run the SSH daemon with the "-u0" option to prevent this.

    Also, if the machine is slow, it will take some time to generate the
    public-key based exchanges where the machines talk back and forth and
    verify that the server has the right *private* key to match the public key.

    > 2) I am about to compile the source of openssh3.6.1 and note that there
    > are two versions available for download on the openssh.org website - one
    > ending with p1 (openssh-3.6.1p1.tar.gz) and then other ending in p2
    > (openssh-3.6.1p2.tar.gz). I am guessing that if I am to use ssh
    > protocol 1 then I need the file which includes p1 in its filename and
    > the file with p2 in its name if I want to use ssh protocol 2. Is this
    > correct? In which case, if I want to support both, do I need to
    > download and compile both packages?

    Good guess, but wrong. OpenSSH has incorporated both protocol 1 and
    protocol 2 into the same binary and source code distribution for quite
    some time. It's only the old ssh.com code (which is of lesser quality,
    in my opinion) that splits them off.

    p2 is just a slightly newer version: I wasn't aware one had been published.

  • Next message: Tag: "Re: Two simple openssh questions..."

    Relevant Pages

    • [NEWS] SSH Protocol Weakness Vulnerability (MITM)
      ... A weakness in the backward compatibility of the SSH Protocol has been ... SSH version 1.0) is unlikely to have the host key for the other protocol ... The SSH daemons advertise one of two major versions, ...
      (Securiteam)
    • SUMMARY: SSH 2.5.2p2 on Tru64 4.0g
      ... SSH is very particular about the permissions on the $HOME/.ssh ... Always pay particular attention the the ssh SERVERs protocol usage. ... when only using the identity.pub or rsa key. ... file on the remote host to reflect the host name without domain that was ...
      (Tru64-UNIX-Managers)
    • Re: Where do the random numbers come from?
      ... I'll look into ssh... ... >>just using an established protocol is that resources on my client are ... > the server is convinced of your identity, a malicious attacker in ... >>Of course you can seed the BouncyCastle random number generator with ...
      (comp.security.ssh)
    • Re: how to react on ssh attacks?
      ... > I recently checked my log files of my ssh service (so far as I ... these attacks will get more sophisticated as time goes on - the ... Protocol 2,1 line in /etc/ssh/sshd_config to say Protocol 2 and then ... Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org ...
      (Fedora)
    • Re: A Solution for sniffing
      ... > Nowadays most people who sniff, sniff using tools that poison your ... SSH connection in FULL-DUPLEX ... bug in SSH protocol v 1, that is not present in SSH protocol v 2 ... as the unknown host key may belong to the 'man in the ...
      (Security-Basics)