Re: can't turn off ssh password access on my new solaris box
- From: "Richard E. Silverman" <res@xxxxxxxx>
- Date: 23 Apr 2006 22:55:31 -0400
"NKG" == Nico Kadel-Garcia <nkadel@xxxxxxxxxxx> writes:
>> Good point. I try to forget that SSH-1 exists. :)
NKG> Richard, are we anywhere near the point where SSH 1 should be
NKG> disabled by default in sshd_config? I'm under the impression that
NKG> it's really fallen out of favor: I haven't used it in years
NKG> except by accident.
I think so, unless there's some specific need for it; certainly if it's
for use by/inside your own organization. If you're an ISP or other entity
like, say, anonymizer.com, then perhaps you still want to leave it on to
accomodate your more archaic customers. Or, if you think your associates
may have to log in from random locations with whatever SSH client they can
find -- although of course, there are bigger problems with that than your
choice of protocol. And, SSH-1 is especially to be avoided in such a
case, since its weak key exchange allows the client to force an insecure
session key.
--
Richard Silverman
res@xxxxxxxx
.
- References:
- can't turn off ssh password access on my new solaris box
- From: stroller
- Re: can't turn off ssh password access on my new solaris box
- From: Richard E. Silverman
- Re: can't turn off ssh password access on my new solaris box
- From: Darren Tucker
- Re: can't turn off ssh password access on my new solaris box
- From: Richard E. Silverman
- Re: can't turn off ssh password access on my new solaris box
- From: Nico Kadel-Garcia
- can't turn off ssh password access on my new solaris box
- Prev by Date: Re: can't turn off ssh password access on my new solaris box
- Next by Date: Re: Any public port forwarding servers available ?
- Previous by thread: Re: can't turn off ssh password access on my new solaris box
- Index(es):
Relevant Pages
|
